Tracking API: when overriding the request datetime with an invalid token_auth, don't track the request #10890

Closed
mattab opened this issue Nov 21, 2016 · 2 comments · Fixed by #10899

mattab commented Nov 21, 2016

-> when token_auth is invalid (or not set) and cdt is set with an old timestamp that requires authentication, we should skip tracking the request instead of tracking it with the "current datetime".

Context

Currently one can override the request datetime in a Tracking API request by setting the cdt parameter. See documentation: http://developer.piwik.org/api-reference/tracking-api#other-parameters-require-authentication-via-token_auth

As discussed in #9939, when the token_auth is not correct, currently the request is tracked using the current date time. This actually creates invalid data and makes the issue hard to detect (i.e. many requests could be tracked at once when a device comes online and old data is tracked).

@mattab mattab added this to the 3.0.0-b4 milestone Nov 21, 2016

tsteur commented Nov 21, 2016

Ideally we also need to make it configurable re how far back it is possible to track without needing a token. Maybe we could also change the default value from 4 hours to 24 hours?


mattab commented Nov 21, 2016

+1 (configurable + default to 24 hours)

tsteur added a commit that referenced this issue Nov 23, 2016
…mestamps up to 1 day in past, added config for timestamps that require auth
mattab pushed a commit that referenced this issue Dec 1, 2016
…ken_auth, don't track the request (#10899)

* refs #10890 ignore tracking requests with custom timestamp, accept timestamps up to 1 day in past, added config for timestamps that require auth

* fix test

* update travis yml

* update travis

* update travis

* fix test

* added changelog entry

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* New config.ini.php setting: `tracking_requests_require_authentication_when_custom_timestamp_newer_than`
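
The decision rule discussed in this thread, as an added PHP sketch that is not code from Piwik or from the referenced commit: it compares the reported behaviour (fall back to the current time) with the requested one (skip the request). `resolveRequestTime`, `AUTH_FREE_WINDOW`, the `$fixed` switch, the parsing of `cdt` and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed window: the 24 hours (1 day) agreed in the thread, in seconds.
const AUTH_FREE_WINDOW = 86400;

/**
 * Returns the timestamp to record for a request, or null to skip tracking.
 * $fixed = false models the behaviour the issue reports, true the requested one.
 */
function resolveRequestTime(array $params, bool $tokenValid, int $now, bool $fixed = true): ?int
{
    $raw = (string) ($params['cdt'] ?? '');
    if ($raw === '') {
        return $now; // no override requested
    }
    // Assumption of this sketch: cdt is a UNIX timestamp or a UTC datetime string.
    $cdt = ctype_digit($raw) ? (int) $raw : strtotime($raw . ' UTC');
    if ($cdt === false) {
        // Assumption of this sketch: an unparseable override is handled like a rejected one.
        return $fixed ? null : $now;
    }
    if ($now - $cdt <= AUTH_FREE_WINDOW || $tokenValid) {
        return $cdt; // recent enough to need no token, or authenticated
    }
    // Old timestamp without a valid token_auth:
    // before the fix the hit is recorded at $now, after the fix it is dropped.
    return $fixed ? null : $now;
}

// Constructed sample requests, evaluated at a fixed "now".
$now = strtotime('2016-11-21 12:00:00 UTC');
$cases = [
    'no cdt'                      => [[], false],
    'cdt 2h old, no token'        => [['cdt' => (string) ($now - 7200)], false],
    'cdt 3 days old, valid token' => [['cdt' => '2016-11-18 12:00:00'], true],
    'cdt 3 days old, bad token'   => [['cdt' => '2016-11-18 12:00:00'], false],
];
$show = function (?int $t): string {
    return $t === null ? 'skipped' : gmdate('Y-m-d H:i:s', $t);
};
foreach ($cases as $label => [$params, $tokenValid]) {
    $before = resolveRequestTime($params, $tokenValid, $now, false);
    $after  = resolveRequestTime($params, $tokenValid, $now, true);
    printf("%-28s before=%-19s after=%s\n", $label, $show($before), $show($after));
}
```

Only the last case differs between the two modes: the three-day-old hit with a bad token is stamped with the current time before the change and skipped after it.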