@jisse44 opened this Issue on December 21st 2020

Matomo 3.14.1 to 4.0.5:

We have hundreds of WordPress websites using Matomo 3.14.1, with a custom plugin displaying an iframe in the dashboard with the widget iframed:
https://website.url/piwik/index.php?module=Widgetize&action=iframe&widget=1&moduleToWidgetize=VisitsSummary&actionToWidgetize=getSparklines&idSite=1&period=day&date=2020-12-20&disableLink=1&widget=1&token_auth=xxxxx

With the update to 4.0.5, we get the error message:
"This user has super user access. For embedding widgets super user token auths are not allowed. See our faq for more information."

OK, so the FAQ says:

"And if you are using Matomo 4 or above, and want to be able to use token_auths of users with write or admin access with your iframe URLs, you will have to add the setting:

enable_framed_allow_write_admin_token_auth=1
"

But when set to 1, enable_framed_allow_write_admin_token_auth doesn't seem to work.

I know it's not recommended, and for new installations we will create a special user with view-only access, but as I said, we don't want to do this for the hundred existing sites.

@tsteur commented on December 21st 2020 Member

@jisse44 I just tried to reproduce this. I think it's actually supposed to work like this: it only allows embedding widgets for write and admin access, but never for super user access. Are the websites all using the same user? Would it be easily possible to change that user to an admin maybe?

@jisse44 commented on December 23rd 2020

OK, that is the trick, my user is "super user", not "admin" ...

Is it possible to create and get a token for a user from the console?

@tsteur commented on December 23rd 2020 Member

Hi @jisse44, it's currently only possible through the UsersManager.createAppSpecificTokenAuth API. You could write a bash script that calls the API if that helps?
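
One way to script the API call suggested above, as an added example that is not part of the thread or of Matomo's code. The parameter names `userLogin`, `passwordConfirmation` and `description`, the `{"value": ...}` reply shape, the 32-hex token format, the `MATOMO_VIEW_PASSWORD` variable and the function names are assumptions to check against your Matomo version.

```shell
#!/bin/sh
# Added example, not from the thread. MATOMO_VIEW_PASSWORD and the function
# names are made up here; the API parameter names are assumptions (see below).

# Extract the token from Matomo's JSON reply. Assumes a scalar result comes
# back as {"value":"<32 hex chars>"}; anything else, such as an error object,
# is rejected instead of being pasted into a URL.
extract_token() (
  tok=$(printf '%s\n' "$1" |
    sed -n 's/^.*"value"[[:space:]]*:[[:space:]]*"\([0-9a-f]\{32\}\)".*$/\1/p')
  [ -n "$tok" ] || { echo "no token_auth in response" >&2; exit 1; }
  printf '%s\n' "$tok"
)

# Ask Matomo for an app-specific token for a view-only user.
# Parameter names are assumed from the Matomo 4 API; check your version.
# The request is a POST and the password is fed to curl on stdin, so neither
# the password nor the token shows up in the process list or in access logs.
create_view_token() (
  base=$1 login=$2
  : "${MATOMO_VIEW_PASSWORD:?export MATOMO_VIEW_PASSWORD first}"
  resp=$(printf '%s' "$MATOMO_VIEW_PASSWORD" |
    curl -fsS "$base/index.php" \
      --data 'module=API&format=json' \
      --data 'method=UsersManager.createAppSpecificTokenAuth' \
      --data-urlencode "userLogin=$login" \
      --data-urlencode 'description=dashboard widget iframe' \
      --data-urlencode 'passwordConfirmation@-') || exit 1
  extract_token "$resp"
)

# Build the widget iframe URL from the issue: base URL, idSite, date, token.
widget_url() {
  printf '%s/index.php?module=Widgetize&action=iframe&widget=1' "$1"
  printf '&moduleToWidgetize=VisitsSummary&actionToWidgetize=getSparklines'
  printf '&idSite=%s&period=day&date=%s&disableLink=1&token_auth=%s\n' "$2" "$3" "$4"
}

# Usage: MATOMO_VIEW_PASSWORD=... sh this-script.sh --run <base-url> <login> <idSite>
if [ "${1:-}" = "--run" ]; then
  tok=$(create_view_token "$2" "$3") || exit 1
  widget_url "$2" "$4" yesterday "$tok"
fi
```

Run it with a view-only login: the resulting token is embedded in the iframe URL, and Matomo 4 rejects super user tokens there.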

@jisse44 commented on January 27th 2021

Hi,

Sorry for the delay, but yes, I finally managed the migration with a bash script, by getting the read-only user token_auth in the DB before the upgrade.

@tsteur commented on January 27th 2021 Member

Great to hear @jisse44, thanks for letting us know 👍

This Issue was closed on January 27th 2021