From a03682d6906bac171dadbf05e357c7242445a86e Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Wed, 24 Jul 2024 14:58:04 +0200 Subject: [PATCH 01/28] initial commit Signed-off-by: Axel Nennker --- .../NumberVerification.feature | 78 +++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 code/Test_Definitions/NumberVerification.feature diff --git a/code/Test_Definitions/NumberVerification.feature b/code/Test_Definitions/NumberVerification.feature new file mode 100644 index 0000000..b238003 --- /dev/null +++ b/code/Test_Definitions/NumberVerification.feature 
@@ -0,0 +1,78 @@ + + +@NumberVerification +Feature: Camara Number Verification API + +# Input to be provided by the implementation to the tests +# References to OAS spec schemas refer to schemas specified in +# https://raw.githubusercontent.com/camaraproject/NumberVerification/main/code/API_definitions/number_verification.yaml + + Background: Common Number Verification setup + Given the resource "/number-verification/v0" as base url + And the header "Content-Type" is set to "application/json" + And the header "Authorization" is set to a valid access token + And the header "x-correlator" is set to a UUID value + And the request body is compliant with the schema NumberVerificationRequestBody + And the response body is compliant with the schema NumberVerificationMatchResponse + And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 is compliant with the schema DevicePhoneNumber + And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 is compliant with the schema DevicePhoneNumber + And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 is different to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + + @NumberVerification_verify_nooptout_match_true + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Given they use the base url with path /verify over a mobile connection + When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has NOT opted-out of numberverify_verify + And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Then Response code is 200 + And devicePhoneNumberVerified is true + + @NumberVerification_verify_nooptout_match_false + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Given they use the base url with path /verify over a mobile connection + When they verify 
NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has NOT opted-out of numberverify_verify + And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Then Response code is 200 + And devicePhoneNumberVerified is false + + @NumberVerification_verify_empty_request_body_nooptout_match_true + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Given they use the base url with path /verify over a mobile connection + When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has NOT opted-out of numberverify_verify + And the request body is empty + And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Then Response code is 200 + And devicePhoneNumberVerified is true + + + # subscriber opted out cases + + @NumberVerification_verify_optout_match_true + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Given they use the base url with path /verify over a mobile connection + When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has opted-out of numberverify_verify + And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Then Response code is xxx + And devicePhoneNumberVerified is true + + @NumberVerification_verify_optout_match_false + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Given they use 
the base url with path /verify over a mobile connection + When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the mobile connection is NOT associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has opted-out of numberverify_verify + And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Then Response code is xxx + And devicePhoneNumberVerified is false + From 849e20d0a1f05fe53fe42239997a92479bd95793 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 12:45:17 +0200 Subject: [PATCH 02/28] use Scenario Outline for common tests Signed-off-by: Axel Nennker --- .../NumberVerification_verify.feature | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 code/Test_Definitions/NumberVerification_verify.feature diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature new file mode 100644 index 0000000..e35a14e --- /dev/null +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -0,0 +1,88 @@ + + +@NumberVerification +Feature: Camara Number Verification API + +# Input to be provided by the implementation to the tests +# References to OAS spec schemas refer to schemas specified in +# https://raw.githubusercontent.com/camaraproject/NumberVerification/main/code/API_definitions/number_verification.yaml + + Background: Common Number Verification setup + Given the resource "/number-verification/v0" as base url + And the header "Content-Type" is set to "application/json" + And the header "Authorization" is set to a valid access token + And the header "x-correlator" is set to a UUID value + And the request body is compliant with the schema NumberVerificationRequestBody + And the response body is compliant with the schema NumberVerificationMatchResponse + And the header "x-correlator" is set to a UUID value + And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 is compliant with the schema DevicePhoneNumber + And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 is compliant with the schema DevicePhoneNumber + And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 is different to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + + @NumberVerification_verify0_phoneNumber_does_not_match_schema + Scenario Outline: phoneNumber value does not comply with the schema + Given the request body property "$.phoneNumber" is set to: + When the HTTP "POST" request is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + Examples: + | phone_number_value | + | string_value | + | 1234567890 | + | +12334foo22222 | + | +00012230304913849 | + | 123 | + | ++49565456787 | + + @NumberVerification_verify1_xcorrelator_does_not_match_schema + Scenario Outline: x-correlator request header value does not comply with the schema + Given the request header "x-correlator" is set to: + When the HTTP "POST" request is sent + Then the response status code 
is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + Examples: + | xcorrelator_value | + | string_value | + | boink | + + + @NumberVerification_verify100_match_true + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Given they use the base url over a mobile connection + And the resource is "/verify" + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + Then the response status code is 200 + And the response property "$.devicePhoneNumberVerified" is true + + + @NumberVerification_verify2_nonempty_match_false + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + Given they use the base url over a mobile connection + And the resource is "/verify" + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the mobile connection is associated with 
NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + Then the response status code is 200 + And the response property "$.devicePhoneNumberVerified" is false + + + + From 6e52ca9ebefe0b620a8064073a2db52c975f8784 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 12:59:13 +0200 Subject: [PATCH 03/28] new case access token expired Signed-off-by: Axel Nennker --- .../NumberVerification_verify.feature | 53 ++++++++++++++++++- 1 file changed, 51 insertions(+), 2 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index e35a14e..cc09e24 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -39,7 +39,7 @@ Feature: Camara Number Verification API @NumberVerification_verify1_xcorrelator_does_not_match_schema Scenario Outline: x-correlator request header value does not comply with the schema - Given the request header "x-correlator" is set to: + Given if the optional request header "x-correlator" is set to: When the HTTP "POST" request is sent Then the response status code is 400 And the response property "$.status" is 400 
@@ -68,7 +68,7 @@ Feature: Camara Number Verification API And the response property "$.devicePhoneNumberVerified" is true - @NumberVerification_verify2_nonempty_match_false + @NumberVerification_verify101_match_false Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 Given they use the base url over a mobile connection And the resource is "/verify" 
@@ -83,6 +83,55 @@ Feature: Camara Number Verification API Then the response status code is 200 And the response property "$.devicePhoneNumberVerified" is false + @NumberVerification_verify200_missing_phone_number_in_request + Scenario: verify phone number but no phonenumber in request + Given they use the base url over a mobile connection + And the resource is "/verify" + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the request body has NO the field phoneNumber + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + Then the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + @NumberVerification_verify201_missing_scope + Scenario: verify phone number with valid access token but scope number-verification:verify is missing + Given they use the base url over a mobile connection + And the resource is "/verify" + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And none of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the request body has NO the field phoneNumber + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is 
"application/json" + And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + Then the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" is "Request not authenticated due to missing, invalid, or expired credentials." + + @NumberVerification_verify202_expired_access_token + Scenario: verify phone number with expired access token + Given they use the base url over a mobile connection + And the resource is "/verify" + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the access token has expired + And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the request body has NO the field phoneNumber + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + Then the response property "$.status" is 401 + And the response property "$.code" is "AUTHENTICATION_REQUIRED" + And the response property "$.message" is "New authentication is required." + From bcc87e96fd0218ac39f46ba55ac37d9d82453165 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 13:08:42 +0200 Subject: [PATCH 04/28] rename NumberVerification.feature to NumberVerification_verify.feature Signed-off-by: Axel Nennker --- .../NumberVerification.feature | 78 ------------------- 1 file changed, 78 deletions(-) delete mode 100644 code/Test_Definitions/NumberVerification.feature diff --git a/code/Test_Definitions/NumberVerification.feature b/code/Test_Definitions/NumberVerification.feature deleted file mode 100644 index b238003..0000000 
--- a/code/Test_Definitions/NumberVerification.feature +++ /dev/null 
@@ -1,78 +0,0 @@ - - -@NumberVerification -Feature: Camara Number Verification API - -# Input to be provided by the implementation to the tests -# References to OAS spec schemas refer to schemas specified in -# https://raw.githubusercontent.com/camaraproject/NumberVerification/main/code/API_definitions/number_verification.yaml - - Background: Common Number Verification setup - Given the resource "/number-verification/v0" as base url - And the header "Content-Type" is set to "application/json" - And the header "Authorization" is set to a valid access token - And the header "x-correlator" is set to a UUID value - And the request body is compliant with the schema NumberVerificationRequestBody - And the response body is compliant with the schema NumberVerificationMatchResponse - And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 is compliant with the schema DevicePhoneNumber - And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 is compliant with the schema DevicePhoneNumber - And NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 is different to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 - - @NumberVerification_verify_nooptout_match_true - Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Given they use the base url with path /verify over a mobile connection - When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has NOT opted-out of numberverify_verify - And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Then Response code is 200 - And devicePhoneNumberVerified is true - - @NumberVerification_verify_nooptout_match_false - Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Given they use the base url with path /verify over a mobile connection - When they verify 
NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has NOT opted-out of numberverify_verify - And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 - And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Then Response code is 200 - And devicePhoneNumberVerified is false - - @NumberVerification_verify_empty_request_body_nooptout_match_true - Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Given they use the base url with path /verify over a mobile connection - When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has NOT opted-out of numberverify_verify - And the request body is empty - And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Then Response code is 200 - And devicePhoneNumberVerified is true - - - # subscriber opted out cases - - @NumberVerification_verify_optout_match_true - Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Given they use the base url with path /verify over a mobile connection - When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the mobile connection is associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has opted-out of numberverify_verify - And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Then Response code is xxx - And devicePhoneNumberVerified is true - - @NumberVerification_verify_optout_match_false - Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Given they use 
the base url with path /verify over a mobile connection - When they verify NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the mobile connection is NOT associated to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the subscriber associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 has opted-out of numberverify_verify - And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the access_token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Then Response code is xxx - And devicePhoneNumberVerified is false - From cfe09c09cb04706156e4d330b76686c70c33ec01 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 13:10:55 +0200 Subject: [PATCH 05/28] add verify Signed-off-by: Axel Nennker --- code/Test_Definitions/NumberVerification_verify.feature | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index cc09e24..df93d20 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -1,13 +1,13 @@ -@NumberVerification -Feature: Camara Number Verification API +@NumberVerification_verify +Feature: Camara Number Verification API verify # Input to be provided by the implementation to the tests # References to OAS spec schemas refer to schemas specified in # https://raw.githubusercontent.com/camaraproject/NumberVerification/main/code/API_definitions/number_verification.yaml - Background: Common Number Verification setup + Background: Common Number Verification verify setup Given the resource "/number-verification/v0" as base url And the header "Content-Type" is set to "application/json" And the header "Authorization" is set to a valid access token From 564359dafee31e4e5c435da47ff8253e68e873a9 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 15:01:41 +0200 Subject: [PATCH 06/28] remove x-correlator format test 
Signed-off-by: Axel Nennker --- .../NumberVerification_verify.feature | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index df93d20..60ea804 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -36,21 +36,7 @@ Feature: Camara Number Verification API verify | +00012230304913849 | | 123 | | ++49565456787 | - - @NumberVerification_verify1_xcorrelator_does_not_match_schema - Scenario Outline: x-correlator request header value does not comply with the schema - Given if the optional request header "x-correlator" is set to: - When the HTTP "POST" request is sent - Then the response status code is 400 - And the response property "$.status" is 400 - And the response property "$.code" is "INVALID_ARGUMENT" - And the response property "$.message" contains a user friendly text - - Examples: - | xcorrelator_value | - | string_value | - | boink | - + @NumberVerification_verify100_match_true Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 From 9fe46ce44223a3e89301594dc26d8a6985ee4d0c Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 15:02:49 +0200 Subject: [PATCH 07/28] remove CIBA Signed-off-by: Axel Nennker --- .../Test_Definitions/NumberVerification_verify.feature | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 60ea804..08ce726 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -36,13 +36,13 @@ Feature: Camara Number Verification API verify | +00012230304913849 | | 123 | | ++49565456787 | - + @NumberVerification_verify100_match_true Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 Given they use the base url over a mobile connection And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 @@ -58,7 +58,7 @@ Feature: Camara Number Verification API verify Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 Given they use the base url over a mobile connection And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 
@@ -73,7 +73,7 @@ Feature: Camara Number Verification API verify Scenario: verify phone number but no phonenumber in request Given they use the base url over a mobile connection And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 @@ -89,7 +89,7 @@ Feature: Camara Number Verification API verify Scenario: verify phone number with valid access token but scope number-verification:verify is missing Given they use the base url over a mobile connection And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And none of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 From 79181e61a91469de8ddef912fbc8e5811e9a9071 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 15:13:12 +0200 Subject: [PATCH 08/28] some lines about testing environment and assets Signed-off-by: Axel Nennker --- code/Test_Definitions/NumberVerification_verify.feature | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 08ce726..513f74f 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature 
+++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -6,6 +6,15 @@ Feature: Camara Number Verification API verify # Input to be provided by the implementation to the tests # References to OAS spec schemas refer to schemas specified in # https://raw.githubusercontent.com/camaraproject/NumberVerification/main/code/API_definitions/number_verification.yaml +# +# Implementation indications: +# * api_root: API root of the server URL +# +# Testing assets: +# * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 +# * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + + Background: Common Number Verification verify setup Given the resource "/number-verification/v0" as base url From da3c3bb2a519011e96a20418ba6d0694de155906 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 15:22:26 +0200 Subject: [PATCH 09/28] single cause of failure Signed-off-by: Axel Nennker --- code/Test_Definitions/NumberVerification_verify.feature | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 513f74f..4c566fa 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -9,7 +9,7 @@ Feature: Camara Number Verification API verify # # Implementation indications: # * api_root: API root of the server URL -# +# # Testing assets: # * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 # * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 
@@ -102,7 +102,7 @@ Feature: Camara Number Verification API verify And none of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the request body has NO the field phoneNumber + And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" @@ -114,12 +114,12 @@ Feature: Camara Number Verification API verify Scenario: verify phone number with expired access token Given they use the base url over a mobile connection And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow or CIBA + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the access token has expired And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the request body has NO the field phoneNumber + And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" From d012be8460899bc4bd85680c56c04456fa222c35 Mon Sep 17 00:00:00 2001 
From: Axel Nennker Date: Fri, 26 Jul 2024 15:28:19 +0200 Subject: [PATCH 10/28] better text if phone number from access token and from parameter do not match Signed-off-by: Axel Nennker --- code/Test_Definitions/NumberVerification_verify.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 4c566fa..6cc7848 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -64,7 +64,7 @@ Feature: Camara Number Verification API verify @NumberVerification_verify101_match_false - Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 but access token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 Given they use the base url over a mobile connection And the resource is "/verify" And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow From 82f02e9509ed0d768fc3c913aad6228a4c78a70a Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 15:37:35 +0200 Subject: [PATCH 11/28] And the request body does not have the field phoneNumber Signed-off-by: Axel Nennker --- code/Test_Definitions/NumberVerification_verify.feature | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 6cc7848..51891c8 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -90,7 +90,8 @@ Feature: Camara Number Verification API verify And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" - Then the response property "$.status" is 400 + Then the response status code is 400 + And the response property "$.status" is 400 And the response property "$.code" is "INVALID_ARGUMENT" And the response property "$.message" contains a user friendly text @@ -106,7 +107,8 @@ Feature: Camara Number Verification API verify And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" - Then the response property "$.status" is 401 + Then the response status code is 401 + And the response property "$.status" is 401 And the response property "$.code" is "UNAUTHENTICATED" And the response property "$.message" is "Request not authenticated due to missing, invalid, or expired credentials." @@ -123,7 +125,8 @@ Feature: Camara Number Verification API verify And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" - Then the response property "$.status" is 401 + Then the response status code is 401 + And the response property "$.status" is 401 And the response property "$.code" is "AUTHENTICATION_REQUIRED" And the response property "$.message" is "New authentication is required." From ada4a180b0ba41a4c7f53da1cf160a9ff9eb58d8 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 17:39:57 +0200 Subject: [PATCH 12/28] NumberVerificationMatchResponse 
Signed-off-by: Axel Nennker --- .../Test_Definitions/NumberVerification_verify.feature | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 51891c8..8574c33 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -58,7 +58,7 @@ Feature: Camara Number Verification API verify And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" Then the response status code is 200 And the response property "$.devicePhoneNumberVerified" is true @@ -74,7 +74,7 @@ Feature: Camara Number Verification API verify And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" Then the response status code is 200 And the response property "$.devicePhoneNumberVerified" is false 
@@ -89,7 +89,7 @@ Feature: Camara Number Verification API verify And the request body has NO the field phoneNumber And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" Then the response status code is 400 And the response property "$.status" is 400 And the response property "$.code" is "INVALID_ARGUMENT" @@ -106,7 +106,7 @@ Feature: Camara Number Verification API verify And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" Then the response status code is 401 And the response property "$.status" is 401 And the response property "$.code" is "UNAUTHENTICATED" @@ -124,7 +124,7 @@ Feature: Camara Number Verification API verify And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/SendCodeResponse" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" Then the response status code is 401 And the response property "$.status" is 401 And the response property "$.code" is "AUTHENTICATION_REQUIRED" 
From 2c488bf1da5b5477a06f35a6594345135690dd13 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 17:46:33 +0200 Subject: [PATCH 13/28] remove over a mobile connection Signed-off-by: Axel Nennker --- .../Test_Definitions/NumberVerification_verify.feature | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 8574c33..5aac7d7 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -49,7 +49,7 @@ Feature: Camara Number Verification API verify @NumberVerification_verify100_match_true Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - Given they use the base url over a mobile connection + Given they use the base url And the resource is "/verify" And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify @@ -65,7 +65,7 @@ Feature: Camara Number Verification API verify @NumberVerification_verify101_match_false Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 but access token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 - Given they use the base url over a mobile connection + Given they use the base url And the resource is "/verify" And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify 
@@ -80,7 +80,7 @@ Feature: Camara Number Verification API verify @NumberVerification_verify200_missing_phone_number_in_request Scenario: verify phone number but no phonenumber in request - Given they use the base url over a mobile connection + Given they use the base url And the resource is "/verify" And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify @@ -97,7 +97,7 @@ Feature: Camara Number Verification API verify @NumberVerification_verify201_missing_scope Scenario: verify phone number with valid access token but scope number-verification:verify is missing - Given they use the base url over a mobile connection + Given they use the base url And the resource is "/verify" And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And none of the scopes associated with the access token is number-verification:verify @@ -114,7 +114,7 @@ Feature: Camara Number Verification API verify @NumberVerification_verify202_expired_access_token Scenario: verify phone number with expired access token - Given they use the base url over a mobile connection + Given they use the base url And the resource is "/verify" And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify From fc899f895021d4669e177997086a805508d463b3 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 17:48:58 +0200 Subject: [PATCH 14/28] remove mobile connection Signed-off-by: Axel Nennker --- code/Test_Definitions/NumberVerification_verify.feature | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 5aac7d7..f5ec5df 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -54,7 +54,6 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent - And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" @@ -70,7 +69,6 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent - And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" 
@@ -85,7 +83,6 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent - And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has NO the field phoneNumber And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" @@ -102,7 +99,6 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And none of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent - And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" @@ -120,7 +116,6 @@ Feature: Camara Number Verification API verify And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the access token has expired - And the mobile connection is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" From e0e2c58394d1f7b800e9d1d0c06bb57175635c1c Mon Sep 17 00:00:00 2001 
From: Axel Nennker Date: Fri, 26 Jul 2024 17:53:01 +0200 Subject: [PATCH 15/28] initial commit of "share" test definitions Signed-off-by: Axel Nennker --- ...fication_device_phone_number_share.feature | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 code/Test_Definitions/NumberVerification_device_phone_number_share.feature diff --git a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature new file mode 100644 index 0000000..e54ce04 --- /dev/null +++ b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature 
@@ -0,0 +1,75 @@ + + +@NumberVerification_device_phone_number_share +Feature: Camara Number Verification API device phone number share + +# Input to be provided by the implementation to the tests +# References to OAS spec schemas refer to schemas specified in +# https://raw.githubusercontent.com/camaraproject/NumberVerification/main/code/API_definitions/number_verification.yaml +# +# Implementation indications: +# * api_root: API root of the server URL +# +# Testing assets: +# * a mobile device with SIM card with NUMBERVERIFY_SHARE_PHONENUMBER1 +# * a mobile device with SIM card with NUMBERVERIFY_SHARE_PHONENUMBER2 + + Background: Common Number Verification phone number share setup + Given the resource "/device-phone-number/v0" as base url + And the header "Content-Type" is set to "application/json" + And the header "Authorization" is set to a valid access token + And the header "x-correlator" is set to a UUID value + And the request body is compliant with the schema NumberVerificationRequestBody + And the response body is compliant with the schema NumberVerificationMatchResponse + And the header "x-correlator" is set to a UUID value + And NUMBERVERIFY_SHARE_PHONENUMBER1 is compliant with the schema DevicePhoneNumber + And NUMBERVERIFY_SHARE_PHONENUMBER2 is compliant with the schema DevicePhoneNumber + And NUMBERVERIFY_SHARE_PHONENUMBER1 is different to NUMBERVERIFY_SHARE_PHONENUMBER2 + + @NumberVerification_phone_number_share100_match_true + Scenario: share phone number NUMBERVERIFY_SHARE_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_SHARE_PHONENUMBER1 + Given they use the base url + And the resource is "/device-phone-number" + And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow + And one of the scopes associated with the access token is number-verification:device-phone-number:read + When the HTTPS "GET" request is sent + And the response header "x-correlator" has same 
value as the request header "x-correlator" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" + Then the response status code is 200 + And the response property "$.devicePhoneNumber" is set to NUMBERVERIFY_SHARE_PHONENUMBER1 + + @NumberVerification_phone_number_share201_missing_scope + Scenario: share phone number with valid access token but scope number-verification:device-phone-number:read is missing + Given they use the base url + And the resource is "/device-phone-number" + And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow + And none of the scopes associated with the access token is number-verification:device-phone-number:read + When the HTTPS "GET" request is sent + And the request body has the field phoneNumber with a value of NUMBERVERIFY_SHARE_PHONENUMBER1 + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" + Then the response status code is 401 + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" is "Request not authenticated due to missing, invalid, or expired credentials." 
+ + @NumberVerification_phone_number_share202_expired_access_token + Scenario: share phone number with expired access token + Given they use the base url + And the resource is "/device-phone-number" + And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow + And one of the scopes associated with the access token is number-verification:device-phone-number:read + When the HTTPS "GET" request is sent + And the access token has expired + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" + Then the response status code is 401 + And the response property "$.status" is 401 + And the response property "$.code" is "AUTHENTICATION_REQUIRED" + And the response property "$.message" is "New authentication is required." + + + + From fcea40075aa6c0db033d70962460a27a6645f235 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 26 Jul 2024 18:07:36 +0200 Subject: [PATCH 16/28] add hashed numbers test definitions Signed-off-by: Axel Nennker --- .../NumberVerification_verify.feature | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index f5ec5df..5102782 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -13,6 +13,8 @@ Feature: Camara Number Verification API verify # Testing assets: # * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 # * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 +# * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED1 +# * a mobile device with SIM card with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED2 @@ -61,6 +63,20 @@ Feature: Camara Number Verification API verify Then the response status code is 200 And the response property "$.devicePhoneNumberVerified" is true + @NumberVerification_verify300_match_hashed_true + Scenario: verify hashed phone number hashed NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + Given they use the base url + And the resource is "/verify" + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the request body has the field hashedPhoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED1 + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" + Then the response status code is 200 + And the response property "$.devicePhoneNumberVerified" is true + @NumberVerification_verify101_match_false Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 but access token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 
@@ -76,6 +92,20 @@ Feature: Camara Number Verification API verify Then the response status code is 200 And the response property "$.devicePhoneNumberVerified" is false + @NumberVerification_verify301_match_false + Scenario: verify hashed phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 but access token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 + Given they use the base url + And the resource is "/verify" + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the request body has the field hashedPhoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED2 + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" + Then the response status code is 200 + And the response property "$.devicePhoneNumberVerified" is false + @NumberVerification_verify200_missing_phone_number_in_request Scenario: verify phone number but no phonenumber in request Given they use the base url From 50949f4b7725b15be8a900adc06f1c242726a335 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Sat, 27 Jul 2024 08:38:07 +0200 Subject: [PATCH 17/28] re-added "And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1" Signed-off-by: Axel Nennker --- .../NumberVerification_device_phone_number_share.feature | 3 +++ code/Test_Definitions/NumberVerification_verify.feature | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature index e54ce04..7a51324 100644 
--- a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature +++ b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature @@ -33,6 +33,7 @@ Feature: Camara Number Verification API device phone number share And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:device-phone-number:read When the HTTPS "GET" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" Then the response status code is 200 @@ -45,6 +46,7 @@ Feature: Camara Number Verification API device phone number share And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow And none of the scopes associated with the access token is number-verification:device-phone-number:read When the HTTPS "GET" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_SHARE_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" 
@@ -61,6 +63,7 @@ Feature: Camara Number Verification API device phone number share And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:device-phone-number:read When the HTTPS "GET" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the access token has expired And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 5102782..8ab5401 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -56,6 +56,7 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" 
@@ -70,6 +71,7 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field hashedPhoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" @@ -85,6 +87,7 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" 
@@ -99,6 +102,7 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field hashedPhoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED2 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" @@ -113,6 +117,7 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has NO the field phoneNumber And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" 
@@ -129,6 +134,7 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And none of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" @@ -145,6 +151,7 @@ Feature: Camara Number Verification API verify And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the access token has expired And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER And the response header "x-correlator" has same value as the request header "x-correlator" From 796b9c60d15b6685fb6276981e1f354921e94a79 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 2 Aug 2024 15:35:26 +0200 Subject: [PATCH 18/28] Update NumberVerification_device_phone_number_share.feature add access token acquiring to the Background section --- .../NumberVerification_device_phone_number_share.feature | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature index 7a51324..eacc18a 100644 
--- a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature +++ b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature @@ -25,12 +25,12 @@ Feature: Camara Number Verification API device phone number share And NUMBERVERIFY_SHARE_PHONENUMBER1 is compliant with the schema DevicePhoneNumber And NUMBERVERIFY_SHARE_PHONENUMBER2 is compliant with the schema DevicePhoneNumber And NUMBERVERIFY_SHARE_PHONENUMBER1 is different to NUMBERVERIFY_SHARE_PHONENUMBER2 + And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow @NumberVerification_phone_number_share100_match_true Scenario: share phone number NUMBERVERIFY_SHARE_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_SHARE_PHONENUMBER1 Given they use the base url And the resource is "/device-phone-number" - And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:device-phone-number:read When the HTTPS "GET" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 @@ -43,7 +43,6 @@ Feature: Camara Number Verification API device phone number share Scenario: share phone number with valid access token but scope number-verification:device-phone-number:read is missing Given they use the base url And the resource is "/device-phone-number" - And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow And none of the scopes associated with the access token is number-verification:device-phone-number:read When the HTTPS "GET" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 
@@ -60,7 +59,6 @@ Feature: Camara Number Verification API device phone number share Scenario: share phone number with expired access token Given they use the base url And the resource is "/device-phone-number" - And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:device-phone-number:read When the HTTPS "GET" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 From 414a57f9aa54477586a31cde46dd7feef9089eb2 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Fri, 2 Aug 2024 15:37:34 +0200 Subject: [PATCH 19/28] Update NumberVerification_verify.feature add access token acquisition to the Background section --- .../Test_Definitions/NumberVerification_verify.feature | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 8ab5401..35b8532 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -38,7 +38,8 @@ Feature: Camara Number Verification API verify And the response property "$.status" is 400 And the response property "$.code" is "INVALID_ARGUMENT" And the response property "$.message" contains a user friendly text - + And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow + Examples: | phone_number_value | | string_value | 
@@ -53,7 +54,6 @@ Feature: Camara Number Verification API verify Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 Given they use the base url And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 @@ -68,7 +68,6 @@ Feature: Camara Number Verification API verify Scenario: verify hashed phone number hashed NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 Given they use the base url And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 @@ -84,7 +83,6 @@ Feature: Camara Number Verification API verify Scenario: verify phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 but access token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 Given they use the base url And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 
@@ -99,7 +97,6 @@ Feature: Camara Number Verification API verify Scenario: verify hashed phone number NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 but access token is associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2 Given they use the base url And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 @@ -114,7 +111,6 @@ Feature: Camara Number Verification API verify Scenario: verify phone number but no phonenumber in request Given they use the base url And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 @@ -131,7 +127,6 @@ Feature: Camara Number Verification API verify Scenario: verify phone number with valid access token but scope number-verification:verify is missing Given they use the base url And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And none of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 
@@ -148,7 +143,6 @@ Feature: Camara Number Verification API verify Scenario: verify phone number with expired access token Given they use the base url And the resource is "/verify" - And they acquired a valid access token associated with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 through OIDC authorization code flow And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 From 6d6d58f2611fbebb1eb1a89881e347b5a46dde3c Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Thu, 8 Aug 2024 15:25:33 +0200 Subject: [PATCH 20/28] added test NumberVerification_verify203_both_phone_number_and_hashed_in_request --- .../NumberVerification_verify.feature | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 35b8532..a4f8b21 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -156,6 +156,21 @@ Feature: Camara Number Verification API verify And the response property "$.code" is "AUTHENTICATION_REQUIRED" And the response property "$.message" is "New authentication is required." - + @NumberVerification_verify203_both_phone_number_and_hashed_in_request + Scenario: verify phone number but no phonenumber in request + Given they use the base url + And the resource is "/verify" + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "POST" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the request body has the field hashedPhoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED1 + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text From f8513aa68d53abee91d20b56ae5b325e3177cee4 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Wed, 21 Aug 2024 15:49:55 +0200 Subject: [PATCH 21/28] missing scope error is 403 --- .../NumberVerification_device_phone_number_share.feature | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature index eacc18a..c436d1b 100644 --- a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature 
+++ b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature @@ -50,8 +50,8 @@ Feature: Camara Number Verification API device phone number share And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" - Then the response status code is 401 - And the response property "$.status" is 401 + Then the response status code is 403 + And the response property "$.status" is 403 And the response property "$.code" is "UNAUTHENTICATED" And the response property "$.message" is "Request not authenticated due to missing, invalid, or expired credentials." From 4c775caa95284b80413251f9108afefd80e5277d Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Wed, 21 Aug 2024 15:51:02 +0200 Subject: [PATCH 22/28] missing scope is error code 403 --- code/Test_Definitions/NumberVerification_verify.feature | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index a4f8b21..b9212d0 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -134,8 +134,8 @@ Feature: Camara Number Verification API verify And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" - Then the response status code is 401 - And the response property "$.status" is 401 + Then the response status code is 403 + And the response property "$.status" is 403 And the response property "$.code" is "UNAUTHENTICATED" And the response property "$.message" is "Request not authenticated due to missing, invalid, or expired credentials." From 81072eb37dea59a354d41ac2ad923915f434b79d Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Wed, 21 Aug 2024 15:52:18 +0200 Subject: [PATCH 23/28] Update code/Test_Definitions/NumberVerification_verify.feature Co-authored-by: Fernando Prado Cabrillo --- code/Test_Definitions/NumberVerification_verify.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index b9212d0..2a9b507 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -114,7 +114,7 @@ Feature: Camara Number Verification API verify And one of the scopes associated with the access token is number-verification:verify When the HTTPS "POST" request is sent And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 - And the request body has NO the field phoneNumber + And the request body has NO the field phoneNumber or hashedPhoneNumber And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" From f3fbd3920a1ff95bdcb00fe2dc697f2793289cba Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Thu, 22 Aug 2024 18:05:14 +0200 Subject: [PATCH 24/28] added NumberVerification_phone_number_share203_no_phonenumber_associated_with_access_token --- ...fication_device_phone_number_share.feature | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature index c436d1b..a3bb727 100644 --- a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature +++ b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature 
@@ -49,7 +49,7 @@ Feature: Camara Number Verification API device phone number share And the request body has the field phoneNumber with a value of NUMBERVERIFY_SHARE_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" Then the response status code is 403 And the response property "$.status" is 403 And the response property "$.code" is "UNAUTHENTICATED" 
@@ -65,12 +65,26 @@ Feature: Camara Number Verification API device phone number share And the access token has expired And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" Then the response status code is 401 And the response property "$.status" is 401 And the response property "$.code" is "AUTHENTICATION_REQUIRED" And the response property "$.message" is "New authentication is required." - + @NumberVerification_phone_number_share203_no_phonenumber_associated_with_access_token + Scenario: share phone number with valid access token that is not associated with a phone number + Given they use the base url + And the resource is "/device-phone-number" + And one of the scopes associated with the access token is number-verification:device-phone-number:read + When the HTTPS "GET" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the access token is not associated with a phone number + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" is "Phone number cannot be deducted from access token context." From fa334b2b21603355bd4f4208b5175ea479d123ae Mon Sep 17 00:00:00 2001 
From: Axel Nennker Date: Thu, 22 Aug 2024 18:09:34 +0200 Subject: [PATCH 25/28] addedd NumberVerification_phone_number_verify204_no_phonenumber_associated_with_access_token --- .../NumberVerification_verify.feature | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 2a9b507..498d357 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature @@ -117,7 +117,7 @@ Feature: Camara Number Verification API verify And the request body has NO the field phoneNumber or hashedPhoneNumber And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" Then the response status code is 400 And the response property "$.status" is 400 And the response property "$.code" is "INVALID_ARGUMENT" @@ -133,7 +133,7 @@ Feature: Camara Number Verification API verify And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" Then the response status code is 403 And the response property "$.status" is 403 And the response property "$.code" is "UNAUTHENTICATED" 
@@ -150,7 +150,7 @@ Feature: Camara Number Verification API verify And the request body has the field phoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" Then the response status code is 401 And the response property "$.status" is 401 And the response property "$.code" is "AUTHENTICATION_REQUIRED" 
@@ -167,10 +167,25 @@ Feature: Camara Number Verification API verify And the request body has the field hashedPhoneNumber with a value of NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER_HASHED1 And the response header "x-correlator" has same value as the request header "x-correlator" And the response header "Content-Type" is "application/json" - And the response body complies with the OAS schema at "/components/schemas/NumberVerificationMatchResponse" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" Then the response status code is 400 And the response property "$.status" is 400 And the response property "$.code" is "INVALID_ARGUMENT" And the response property "$.message" contains a user friendly text - + @NumberVerification_phone_number_verify204_no_phonenumber_associated_with_access_token + Scenario: verify phone number with valid access token that is not associated with a phone number + Given they use the base url + And the resource is "/verify" + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "GET" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the access token is not associated with a phone number + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" is "Phone number cannot be deducted from access token context." + From 393d7da67930c047eec8266c387dd7e30e18aa34 Mon Sep 17 00:00:00 2001 
From: Axel Nennker Date: Sat, 24 Aug 2024 15:18:35 +0200 Subject: [PATCH 26/28] added @NumberVerification_phone_number_verify205_must_have_used_network_authentication Should we add to all success cases that network authentication MUST have been used to identify the subscription? --- .../NumberVerification_verify.feature | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 498d357..71d017f 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -189,3 +189,19 @@ Feature: Camara Number Verification API verify And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" is "Phone number cannot be deducted from access token context." + +@NumberVerification_phone_number_verify205_must_have_used_network_authentication + Scenario: verify phone number with valid access token but network authentication was not used + Given they use the base url + And the resource is "/verify" + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "GET" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the information, e.g. authentication method reference, associated with the access token indicates that network authentication was NOT used + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK" + And the response property "$.message" is "The subscription must be identified via the mobile network to use this servicet." From a61b1c47de5863fb8c031fac7da44ed585e7023a Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Sat, 24 Aug 2024 15:19:23 +0200 Subject: [PATCH 27/28] fix indentation --- code/Test_Definitions/NumberVerification_verify.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/Test_Definitions/NumberVerification_verify.feature b/code/Test_Definitions/NumberVerification_verify.feature index 71d017f..542cdfb 100644 --- a/code/Test_Definitions/NumberVerification_verify.feature +++ b/code/Test_Definitions/NumberVerification_verify.feature 
@@ -190,7 +190,7 @@ Feature: Camara Number Verification API verify And the response property "$.message" is "Phone number cannot be deducted from access token context." -@NumberVerification_phone_number_verify205_must_have_used_network_authentication + @NumberVerification_phone_number_verify205_must_have_used_network_authentication Scenario: verify phone number with valid access token but network authentication was not used Given they use the base url And the resource is "/verify" From 5b35bde98047c09c6bd807b5e17dc62dececaa02 Mon Sep 17 00:00:00 2001 From: Axel Nennker Date: Sat, 24 Aug 2024 15:23:02 +0200 Subject: [PATCH 28/28] added @NumberVerification_phone_number_share205_must_have_used_network_authentication --- ...erification_device_phone_number_share.feature | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature index a3bb727..4d81091 100644 --- a/code/Test_Definitions/NumberVerification_device_phone_number_share.feature +++ b/code/Test_Definitions/NumberVerification_device_phone_number_share.feature 
@@ -87,4 +87,18 @@ Feature: Camara Number Verification API device phone number share And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" is "Phone number cannot be deducted from access token context." - + @NumberVerification_phone_number_share205_must_have_used_network_authentication + Scenario: share phone number with valid access token but network authentication was not used + Given they use the base url + And the resource is "/device-phone-number" + And one of the scopes associated with the access token is number-verification:verify + When the HTTPS "GET" request is sent + And the connection the request is sent over originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 + And the information, e.g. authentication method reference, associated with the access token indicates that network authentication was NOT used + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response header "Content-Type" is "application/json" + And the response body complies with the OAS schema at "/components/schemas/ErrorInfo" + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK" + And the response property "$.message" is "The subscription must be identified via the mobile network to use this servicet."
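Review bot: in hunk @@ -145,6 +151,7 @@ of NumberVerification_verify.feature (expired access token scenario), the context step right after the added connection line sets phoneNumber to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER, without the trailing 1 that every other step in this series uses. Since this patch already touches the scenario, rename it to NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 so the step does not refer to an input the Background never defines.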
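Review bot: in PATCH 19, hunk @@ -38,7 +38,8 @@ of NumberVerification_verify.feature, the added "And they acquired a valid access token ..." step lands after the "$.message" assertion and directly before "Examples:", so it becomes the last Then-step of that outline rather than part of the Background the commit message names. The remaining hunks of this patch delete the step from seven scenarios, which leaves them with no token precondition at all. Move the added line up into the Background block, next to the steps that declare NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1 and NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER2, as PATCH 18 did for the share feature.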
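Review bot: in PATCH 20, hunk @@ -156,6 +156,21 @@, the new scenario tagged @NumberVerification_verify203_both_phone_number_and_hashed_in_request keeps the copied title "verify phone number but no phonenumber in request", which duplicates the existing missing-field scenario and says the opposite of what the steps send. Retitle it to state that both phoneNumber and hashedPhoneNumber are present. The same scenario validates a 400 response against "/components/schemas/NumberVerificationMatchResponse"; an error body should be checked against the error schema (PATCH 25 later switches it to ErrorInfo, which could be done here).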
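Review bot: in PATCH 21, hunk @@ -50,8 +50,8 @@ (and the matching hunk @@ -134,8 +134,8 @@ of PATCH 22), the status assertions move to 403 but the two unchanged lines below still expect "$.code" to be "UNAUTHENTICATED" and the message "Request not authenticated due to missing, invalid, or expired credentials.". That pairs an authorization status with an authentication error body, so an implementation that answers a missing scope with a consistent 403 body fails the scenario. Update the code and message assertions to the values the OAS defines for the 403 missing-scope case in the same change.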
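Review bot: in PATCH 24, hunk @@ -65,12 +65,26 @@, the new share203 scenario states that the connection "originates from a device with NUMBERVERIFY_VERIFY_MATCH_PHONENUMBER1", while the Background lines of this feature visible in PATCH 18 declare NUMBERVERIFY_SHARE_PHONENUMBER1 and NUMBERVERIFY_SHARE_PHONENUMBER2. Use the SHARE variable here so the scenario depends only on inputs its own feature file defines. The asserted message "Phone number cannot be deducted from access token context." is matched exactly, so confirm the wording ("deducted" versus "deduced") against the API definition before it is frozen into the test.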
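Review bot: in PATCH 25, hunk @@ -167,10 +167,25 @@, the new verify204 scenario sends 'When the HTTPS "GET" request is sent' to the resource "/verify", while every other /verify scenario in this file uses "POST" and supplies a phoneNumber or hashedPhoneNumber body field. As written, a server can reject the request for the method or the missing body before it ever evaluates the token context, so the 403 INVALID_TOKEN_CONTEXT assertion does not test what the title says. Change the method to "POST" and add the phoneNumber body step, leaving "the access token is not associated with a phone number" as the only deviation from the success case.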
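Review bot: in PATCH 26, hunk @@ -189,3 +189,19 @@, the last added step asserts that "$.message" is "The subscription must be identified via the mobile network to use this servicet."; the trailing "servicet." is a typo inside an exact-match assertion, so a correct implementation fails the test. Fix the string to match the API definition, or relax the step to the "contains a user friendly text" form used for the 400 cases. The scenario also repeats the "GET" on "/verify" from verify204 and should use "POST" with a phoneNumber body, and the step "the information, e.g. authentication method reference, associated with the access token" would be easier to implement if it named the concrete token or introspection field the test harness has to inspect.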
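Review bot: in PATCH 28, hunk @@ -87,4 +87,18 @@, the new share205 scenario targets "/device-phone-number" but requires the scope number-verification:verify, whereas the other share scenarios use number-verification:device-phone-number:read. With the wrong scope, the 403 this scenario expects can come from the scope check instead of the network-authentication check, so the test passes without exercising NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK. Switch the scope to number-verification:device-phone-number:read, use the feature's own NUMBERVERIFY_SHARE_PHONENUMBER1 in the connection step, and correct "servicet." in the exact-match message assertion.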