Tracker API: cdt parameter should not require token_auth when setting a recent datetime #6110

Closed
mattab opened this issue Sep 3, 2014 · 3 comments
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.

@mattab
Member

mattab commented Sep 3, 2014

The goal of this ticket is to modify the Tracker API parameter cdt so that it is allowed to send cdt values within the last N seconds without passing the token_auth.

By default, a user could send a Tracking API request setting a custom datetime in the near past without needing to authenticate with token_auth.

Tasks

  • Modify Tracker API
  • add test
  • new config setting to customise the time delay for which users can set cdt datetime values in the past N seconds.
    • Proposed default: 2 hours = 7200 seconds.
  • update the reference docs http://developer.piwik.org/api-reference/tracking-api as well as any FAQ or user guide that may mention cdt

The overall goal is to make Mobile Apps Tracking easier to use, with less need for configuration in the SDK.

@mattab mattab added this to the Piwik 2.7.0 milestone Sep 3, 2014
@mattab mattab added the Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. label Sep 15, 2014
@mattab mattab modified the milestones: Piwik 2.8.0, Piwik 2.7.0 Sep 22, 2014
@quba
Contributor

quba commented Sep 23, 2014

Maybe it would be enough to set it to "visit_standard_length"?

@mattab
Member Author

mattab commented Sep 24, 2014

I think most cases where users are offline and come back online can be a few hours long. It would be a shame to lose usage tracking data for those hours where the user was disconnected or had a poor connection. Not sure even if 2 hours is enough, maybe 4 will be better...

@mattab mattab self-assigned this Oct 8, 2014
mattab added a commit that referenced this issue Oct 9, 2014
…uth only when the datetime is older than 4 hours.
mattab pushed a commit that referenced this issue Oct 9, 2014
setting 'cdt' tracker parameter in recent past (in the last 4 hours) should not require token_auth   	fixes #6110
@mattab
Member Author

mattab commented Oct 9, 2014

doc updated in matomo-org/developer-documentation@d6f087d
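
The rule this issue settles on (a `cdt` override in the last 4 hours needs no `token_auth`, an older one does), sketched as an added example in Python; it is not Matomo's own code and not part of the original thread. Assumptions: `cdt` arrives as a UNIX timestamp or a `YYYY-MM-DD HH:MM:SS` UTC string, the hypothetical `token_auth_valid` flag means the caller has already verified the token, and refusing future-dated or unparseable values without a token is a choice made for this example.

```python
from datetime import datetime, timezone

# Window taken from the thread: the referenced commit settled on 4 hours.
RECENT_WINDOW_SECONDS = 4 * 3600


def parse_cdt(value):
    """Return cdt as UNIX seconds, or None if it cannot be parsed.

    Assumed formats (not stated in the thread): a UNIX timestamp or a
    'YYYY-MM-DD HH:MM:SS' datetime interpreted as UTC.
    """
    value = value.strip()
    if value.isascii() and value.isdigit():
        return int(value)
    try:
        parsed = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


def cdt_decision(cdt, now, token_auth_valid, window=RECENT_WINDOW_SECONDS):
    """Return (accepted, timestamp_to_record, reason) for one tracking request."""
    if cdt is None or cdt == "":
        return True, now, "no override"
    ts = parse_cdt(cdt)
    if ts is None:
        # Example's choice: a malformed override is refused, not silently ignored.
        return False, None, "unparseable cdt"
    if token_auth_valid:
        return True, ts, "authenticated override"
    age = now - ts
    if age < 0:
        # Example's choice: unauthenticated future dates are refused.
        return False, None, "future cdt requires token_auth"
    if age <= window:
        return True, ts, "recent override, no token_auth needed"
    return False, None, "cdt older than window requires token_auth"


if __name__ == "__main__":
    now = parse_cdt("2014-10-09 12:00:00")  # constructed "current time"
    for sample in ("2014-10-09 09:00:00", "2014-10-08 12:00:00", "tomorrow"):
        print(sample, cdt_decision(sample, now, token_auth_valid=False))
```

The window bounds how far back an unauthenticated client can place data; anything older still needs the token, which is what keeps backfilling of historical reports restricted.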
