You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, this no longer works and Piwik returns an "invalid username and password" error.
This was working fine before 2.15.0 and is clearly a regression, as I have checked the correctness of the username and token_auth for every single user and they match exactly what the Piwik admin UI shows (logically, because they were never changed).
Any chance we could get a hotfix for this?
EDIT: Well, this is strange, I see no changes to logme in Piwik between the last stable and 2.15.0. Still, I am absolutely sure this used to work before. I'm going to do more research, see if I can find anything out at all.
The text was updated successfully, but these errors were encountered:
TheLastProject
changed the title
Logme token_auth broken
logme login token_auth authentication broken
Oct 22, 2015
I can work around this by editing the authenticateAndRedirect function in plugins/Login/Controller.php.
I changed the code to not do $this->auth->setPassword($password) or $this->auth->setPasswordHash($password), but instead do $this->auth->setTokenAuth($password).
Obviously, this is not the correct way to do these things. The FAQ entry states using an md5 of the pass. However, token_auth has always worked and the changelog says nothing about changes here. Therefore, I still believe this is a regression. Are we really supposed to use an md5 of the password these days, or is there another way to use token_auth instead?
Well, I decided to bite the bullet and generate a new password for every user (still doable) and save the md5sum of that in my CMS. The documentation does talk about the md5 of the pass, so I suppose my earlier wrong implementation worked out of pure luck.
I will close this ticket now, as I have managed to fix it and I believe the issue lied fully on my side and I just managed to make myself believe token_auth was the correct way to do this. Because an incorrect way worked earlier doesn't mean Piwik should ensure that way keeps working.
Sorry for the ticket, and thanks a million for Piwik, the new design looks great!
I just updated Piwik to 2.15.0. Unfortunately, logme has been broken.
Say we have user
testuser
with token_authabcdefghijklmnopqrstuvwxyz
who wants to look at idSite8
.Normally, I log them in with the following URL:
https://example.com/piwik/index.php?module=Login&action=logme&login=testuser&password=abcdefghijklmnopqrstuvwxyz&idSite=8
However, this no longer works and Piwik returns an "invalid username and password" error.
This was working fine before 2.15.0 and is clearly a regression, as I have checked the correctness of the username and token_auth for every single user and they match exactly what the Piwik admin UI shows (logically, because they were never changed).
Any chance we could get a hotfix for this?
EDIT: Well, this is strange, I see no changes to logme in Piwik between the last stable and 2.15.0. Still, I am absolutely sure this used to work before. I'm going to do more research, see if I can find anything out at all.
The text was updated successfully, but these errors were encountered: