When exporting data and "Show export URL" is clicked, don't reveal the full token_auth until field is clicked #13585

Merged: 1 commit into 3.x-dev from 13413, Dec 6, 2018

@tsteur tsteur commented Oct 11, 2018

refs #13413

Seeing there are no UI tests for this feature so far but also don't think it needs any. Logic is simple and otherwise end up with thousands of UI tests :)

@tsteur tsteur added the not-in-changelog and Needs Review labels Oct 11, 2018
@tsteur tsteur added this to the 3.7.0 milestone Oct 11, 2018
@sgiehl sgiehl left a comment

Still unsure if that "improvement" is good regarding usability but works as expected

tsteur commented Oct 11, 2018

> Still unsure if that "improvement" is good regarding usability but works as expected

Same here @sgiehl. It doesn't improve security but makes it much harder to use and looks buggy. "Show export URL" already hides the URL initially. People will just click again and then be surprised there is a token (most people won't be surprised because they don't realise it is an authentication token). The problem really is using the authentication token in the first place.

@diosmosis diosmosis merged commit ac39d23 into 3.x-dev Dec 6, 2018
@diosmosis diosmosis deleted the 13413 branch December 6, 2018 02:28
diosmosis pushed a commit that referenced this pull request Dec 8, 2018
* Add reports dimensions to metadata of report and rows

* translate dimension columns

* updates test files

* fix possible error when no report is available

* update tests

* Improve subdimension detection

* Adjust tests for labelX logic

* Makes flattener compatible with 3 dimensions

* Adds new method getThirdLeveltableDimension to report class

* Do not ask for 2fa authentication code when CoreUpdater is being requested (#13796)

Could fix an edge case where user is logged in, but hasn't confirmed the auth code (so the user is not actually logged in), and then an update appears.

* Added Fallback Method for Alexa in SEO Plugin (#13552)

* added fallback method for Alexa, fixes issue #13427

* do not use short array syntax for consistency with other methods

* use mini link for Alexa, use DomXPath to filter out the global ranking instead of regex

* Use db sessions by default, deprecate file session handler (#13540)

* use db sessions by default, deprecate file session handler

* trying to fix tests

* Prevent trigger errors on demand for instances that are opened to anonymous (#13535)

fix #13513

* Remove the previous exception in base validator so the same error is not printed twice (#13801)

* Fixing build (#13802)

* update submodule

* Update screenshots and try to get test to pass.

* Get SingleMetricView to pass. (#13803)

* Quickform2 throws warnings with PHP7.2 (#13463)

fixes #13272

Haven't actually tested it but should fix the issue. If tests pass, the logic would be still the same. I don't have a PHP 7.2 running here otherwise at the moment

* Send bulk requests in chunks when needed (#13444)

* send bulk requests in chunks

* send requests correctly

* Make log and report data screen less technical (#13464)

* When you are logged out, the URL gets lost when you log in (#13441)

It won't remember any hash as the hash won't be visible in the referrer etc but it would work for most other pages.

To make it work for hash it would get likely way more complicated like we would need to persist it through JS, temporarily store it somewhere and redirect accordingly. It fixes the case mentioned in the issue.

fix #13328

* show full information of URL only on extra click (#13585)

* Add option to opt in to use send beacon (#13451)

* Add option to opt in to use send beacon

* Fix JS tracker test.

* do not overwrite existing subrow metadata

* update test files