Adds the confirmation to listAllAPI.twig and to userSettings.twig. There is some code redundancy between the two which I couldn't find a good way of removing.
Fixes #13711
Not sure if it's needed in listAllApi
? You could also see the token in export container, or just by typing piwik.token_auth
or something in the console... also by monitoring network requests etc. I reckon we would only do it in the personal settings screen for now? Or maybe we even don't do it at all until we removed it everywhere and replaced token_auth with something better?
cc @mattab
Or maybe we even don't do it at all until we removed it everywhere and replaced token_auth with something better?
Sounds good to me :+1:
better API authentication will be done later in https://github.com/matomo-org/matomo/issues/6559
@tsteur removed the code to require password before showing token auth. UI tests may need to be fixed.
CC @tsteur to make sure the breaking API change is ok
Looks good and works 👍 .
I looked at dependencies where we use this method and I think it be good if we could maybe disable the passwordConfirmation check when we are in CLI mode? This would eg help on the cloud.
Also I think Installation\Controller::createSuperUser
needs to be adjusted and some tests need to be fixed.