Logo: Relish

  1. Sign in

Project: relish

Guest access via URL

A user can authenticate as the project's guest user by including a special token in their URL.

So if you want to put links to Relish from your team's wiki, you can include the guest login token in the URL.
If you're already authenticated with Relish we'll ignore the token, but if you're not you'll be automatically
signed in in as the guest user.

Background
Given
there is a private project
And
guest access has been enabled for the project
Scenarios
User with no existing account uses guest URL token
When
I try to access the project using the correct access token
Then
I should be on the page for the project
And
I should see that I am authenticated as the project's guest user
Collaborator signed in to existing account uses guest URL token
Given
I have an existing account
And
I am a collaborator on the project
And
I am signed in
When
I try to access the project using the correct access token
Then
I should be on the page for the project
And
I should be signed in as myself
Non-collaborator signed in to existing account uses guest URL token
Given
I have an existing account
And
I am signed in
But
I am not a collaborator on the project
When
I try to access the project using the correct access token
Then
I should be on the page for the project
And
I should be signed in as myself
And
I should see a message telling me I have temporary guest access to the project
User with existing account but not signed in

This is the edge-case where you accidentally log in as the guest user because
you weren't already signed in as yourself.

Given
I have an existing account
And
I am a collaborator on the project
But
I am not signed in
When
I try to access the project using the correct access token
Then
I should see that I am authenticated as the project's guest user
When
I sign out
And
I sign in with my account details
And
I visit the page for the project
Then
I should be on the page for the project
And
I should be signed in as myself
Attacker / fumbling user tries to guess token
When
I try to access the project using the wrong access token
Then
I should be asked to sign in
And
I should be told that the access token I supplied was incorrect

Last published about 4 years ago by mattwynne.