@diosmosis opened this Pull Request on January 18th 2019 Member

Adds the confirmation to listAllAPI.twig and to userSettings.twig. There is some code redundancy between the two which I couldn't find a good way of removing.

Fixes #13711

@tsteur commented on January 18th 2019 Member

Not sure if it's needed in listAllApi? You could also see the token in export container, or just by typing piwik.token_auth or something in the console... also by monitoring network requests etc. I reckon we would only do it in the personal settings screen for now? Or maybe we even don't do it at all until we removed it everywhere and replaced token_auth with something better?

@diosmosis commented on January 18th 2019 Member

cc @mattab

@mattab commented on January 21st 2019 Member

Or maybe we even don't do it at all until we removed it everywhere and replaced token_auth with something better?

Sounds good to me :+1:

better API authentication will be done later in https://github.com/matomo-org/matomo/issues/6559

@diosmosis commented on January 21st 2019 Member

Closing

@diosmosis commented on January 21st 2019 Member

Whoops forgot there was another change here

@diosmosis commented on January 22nd 2019 Member

@tsteur removed the code to require password before showing token auth. UI tests may need to be fixed.

@diosmosis commented on February 26th 2019 Member

CC @tsteur to make sure the breaking API change is ok

@tsteur commented on February 26th 2019 Member

This breaking change should be fine 👍

@tsteur commented on April 11th 2019 Member

Looks good and works 👍 .
I looked at dependencies where we use this method and I think it be good if we could maybe disable the passwordConfirmation check when we are in CLI mode? This would eg help on the cloud.

Also I think Installation\Controller::createSuperUser needs to be adjusted and some tests need to be fixed.

Powered by GitHub Issue Mirror