Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify FAQ instructions for logme mechanism (automatically logging in users when they click from my app to Piwik) #11094

Closed
c-prompt opened this issue Dec 26, 2016 · 4 comments
Closed

Clarify FAQ instructions for logme mechanism (automatically logging in users when they click from my app to Piwik) #11094

c-prompt opened this issue Dec 26, 2016 · 4 comments
Milestone
3.0.1

Comments

@c-prompt
Copy link

Testing out latest version and noticed automatic logins no longer work. When using logme (i.e., https://stats.example.org/index.php?module=Login&action=logme&login=your_login&password=your_MD5_password), I'm seeing the following error:

An error occurred The password parameter is expected to be a MD5 hash of the password.

The password being submitted was retrieved via the UsersManager API (i.e., http://demo.piwik.org/?module=API&method=UsersManager.getUsers&userLogins=&format=xml&token_auth=anonymous) and I verified the password retrieved matches what's in the password column of the piwik_user table. I noticed the old passwords from the previous version still login properly via logme so I'm guessing it has something to do with #5278 (Passwords: use better algorithm than md5 hash, use salts and maintain BC ) and/or #10740 (Updates password/token_auth hashing).
@mattab
Copy link
Member

mattab commented Dec 26, 2016

Thanks for the report @c-prompt

Hi @mneudert @sgiehl maybe you have an idea about this issue? This is for our logme feature documented in https://piwik.org/faq/how-to/faq_30/

@sgiehl
Copy link
Member

sgiehl commented Dec 26, 2016

UsersManager API won't return the md5 password any longer, but the password_hash'd one instead, so you can't directly use that for the logme method.

@mattab mattab added this to the 3.0.1 milestone Dec 26, 2016
@mattab
Copy link
Member

mattab commented Dec 26, 2016
edited

sounds like something can be improved / clarified in our documentation (rather than a bug in Piwik), so let's improve the FAQ

@mattab
Copy link
Member

mattab commented Dec 26, 2016

@c-prompt we updated the FAQ and added Since version 3.0 Piwik does not store the password as md5 any longer. As a result there is no way to access the md5 hashed password using the API. To generate the md5 password, you need the user's raw password and then call the md5() hash function on this raw password using your favorite programming language.

So hopefully this is clear and there is no more issue. if we missed something let us know

@mattab mattab closed this as completed Dec 26, 2016
@mattab mattab changed the title Potential 3.0.0 password API logme bug Clarify FAQ instructions for logme mechanism (automatically logging in users when they click from my app to Piwik) Dec 26, 2016
@quenenni quenenni mentioned this issue Mar 31, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.1
Development

No branches or pull requests
3 participants
@mattab @sgiehl @c-prompt