Story 1.0.16.1. Attachments. Safe access for user file


General info

As part of enhancing data security, the system must ensure that attachments shared through URLs with companies or users are accessible only for a limited time. This feature addresses the security concern where links to user files have been accessible without time limitations.

User story

As a user,
I want the attachment links to expire after 3 hours,
so that sensitive data on S3 is protected and cannot be accessed beyond the designated time window.

Visual design:

 

 

Acceptance criteria

 

01

Scenario: Attachment link expiration after 3 hours
Given a user is given a URL to an attachment,
When the URL is accessed,
Then the link should expire after 3 hours.

During the investigation, links to attachments in shared profiles were found that had no time limitation. Here is an example:

02

Scenario: Shared profile URL with time-limited access
Given a shared profile URL with an attachment,
When the link is accessed,
Then the attachment should not be available after 3 hours.

03

Scenario: Expired link access attempt
Given a URL to an attachment,
When the user tries to access it after 3 hours,
Then the system should display an error or invalid link message.

04

Scenario: Restricted access to valid link within 3 hours
Given the system has time-limited access to attachment links,
When a user shares the link,
Then only the user with the valid link within the 3-hour period should be able to access it.
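
One way to enforce scenarios 01, 03 and 04 on the server side, shown as an added example rather than this project's code. The page does not say how links are issued, so the HMAC-signed `expires`/`sig` query parameters, the status codes, the demo key and the sample path are all assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

LINK_TTL_SECONDS = 3 * 60 * 60           # 3-hour window from the acceptance criteria
SECRET_KEY = b"constructed-demo-key"     # placeholder; keep the real key in a secret store


def _sign(path: str, expires: int) -> str:
    """HMAC over path and expiry, so neither can be altered by the link holder."""
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_attachment_link(path: str, now: float | None = None) -> str:
    """Return a link to `path` that stops working LINK_TTL_SECONDS after issue."""
    issued = int(time.time() if now is None else now)
    expires = issued + LINK_TTL_SECONDS
    return f"{path}?{urlencode({'expires': expires, 'sig': _sign(path, expires)})}"


def check_attachment_link(url: str, now: float | None = None) -> tuple[int, str]:
    """Return (HTTP status, message) for an access attempt on `url`."""
    current = time.time() if now is None else now
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return 403, "invalid link"       # unsigned or malformed link
    expected = _sign(parsed.path, expires)
    # Check the signature before the clock: an edited expiry must not count.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return 403, "invalid link"
    if current >= expires:
        return 410, "link expired"       # scenario 03: error after 3 hours
    return 200, "ok"
```

The expiry is part of the signed message, so extending the window by editing the `expires` value in the URL fails the signature check instead of reviving the link.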
