Authentification - Token #799

Closed
anonymous-matomo-user opened this issue Jun 14, 2009 · 1 comment
Labels
Bug For errors / faults / flaws / inconsistencies etc. Critical Indicates the severity of an issue is very critical and the issue has a very high priority. worksforme The issue cannot be reproduced and things work as intended.
Comments

@anonymous-matomo-user

Unfortunately I made a mistake in creating the URL for accessing a Piwik table from outside:

http://..url../piwik/?module=API&method=VisitsSummary.getVisits&idSite=1&date=today&period=day&format=html&filter_limit=10&token_auth%20=ecb47dbe1601a91c668653bfd2c05d3b

As you can see, after the token_auth I have one (1) space.
Funny now, because this user has NO access, but can see the result!
If the URL is given in the correct format (no space between token_auth and the =), access is forbidden (as it should be):
You can't access this resource as it requires a 'view' access for the website id = 1.

But even funnier: if there are 2 spaces (1 BEFORE the = and 1 after, like token_auth%20=%20ecb47dbe1601a91c668653bfd2c05d3b),
access is allowed!

This seems to me to be a heavy bug.

Keywords: authentification,token,access

@robocoder
Contributor

Unable to reproduce. Please check that the anonymous user doesn't have View access.

@anonymous-matomo-user anonymous-matomo-user added this to the Piwik 0.4.1 milestone Jul 8, 2014
This issue was closed.
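A small model of the check suggested in the reply above, added here as an illustration; it is not part of the thread and not Piwik code. It assumes a request without an exact `token_auth` parameter is evaluated as the `anonymous` user; the host, the token value, the user name and all function names are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

PARAM = "token_auth"
TOKEN = "0123456789abcdef0123456789abcdef"  # constructed sample token
TOKENS = {TOKEN: "reporter"}                # constructed: token -> user without access

def php_name(raw):
    """PHP's documented request-variable naming: leading spaces are dropped,
    remaining spaces and dots become underscores."""
    return raw.lstrip(" ").replace(" ", "_").replace(".", "_")

def raw_pairs(url):
    """Percent-decoded (key, value) pairs exactly as sent in the query string."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)

def params(url):
    """Query parameters under the names PHP application code would see."""
    return {php_name(k): v for k, v in raw_pairs(url)}

def effective_user(url):
    """ASSUMPTION (hypothetical model): a missing 'token_auth' parameter or an
    unknown token value means the request is evaluated as 'anonymous'."""
    return TOKENS.get(params(url).get(PARAM, ""), "anonymous")

def can_view(url, viewers):
    """viewers: set of user names holding 'view' access on the site."""
    return effective_user(url) in viewers

def malformed_token_keys(url):
    """Raw keys that differ from token_auth only by surrounding whitespace."""
    return [k for k, _ in raw_pairs(url) if k != PARAM and k.strip() == PARAM]

# Constructed URLs mirroring the three variants in the report.
BASE = "http://piwik.example/?module=API&method=VisitsSummary.getVisits&idSite=1&"
URLS = {
    "correct": BASE + "token_auth=" + TOKEN,
    "space_before": BASE + "token_auth%20=" + TOKEN,
    "space_both": BASE + "token_auth%20=%20" + TOKEN,
}

def report(viewers):
    """Access decision per URL variant for a given set of users with 'view'."""
    return {name: can_view(url, viewers) for name, url in URLS.items()}

if __name__ == "__main__":
    print("anonymous has view:", report({"anonymous"}))
    print("anonymous has none:", report(set()))
```

With `anonymous` holding view access the model reproduces the reported pattern (correct URL refused, padded URLs served); with that access removed, all three variants are refused.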