Adds the confirmation to listAllAPI.twig and to userSettings.twig. There is some code redundancy between the two which I couldn't find a good way of removing.
Not sure if it's needed in
listAllApi? You could also see the token in export container, or just by typing
piwik.token_auth or something in the console... also by monitoring network requests etc. I reckon we would only do it in the personal settings screen for now? Or maybe we even don't do it at all until we removed it everywhere and replaced token_auth with something better?
Or maybe we even don't do it at all until we removed it everywhere and replaced token_auth with something better?
Sounds good to me :+1:
better API authentication will be done later in https://github.com/matomo-org/matomo/issues/6559
Whoops forgot there was another change here
@tsteur removed the code to require password before showing token auth. UI tests may need to be fixed.
This breaking change should be fine 👍
Looks good and works 👍 .
I looked at dependencies where we use this method and I think it be good if we could maybe disable the passwordConfirmation check when we are in CLI mode? This would eg help on the cloud.
Also I think
Installation\Controller::createSuperUser needs to be adjusted and some tests need to be fixed.