author | Stefan Giehl <stefan@matomo.org> | 2020-05-07 00:10:00 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-07 00:10:00 +0300 |
commit | 53f3e32686d848ca24295e1320e7ac50932b031e (patch) | |
tree | 22e34949ac8f2bf8bed2890cf434f157c602e230 | |
parent | 686e7495bb83ff9e6ca63109225347571d20a272 (diff) |
Require authentication when sending custom ip with tracking requests (#15888)
-rw-r--r-- | core/Tracker/Request.php | 2 | ||||
m--------- | plugins/VisitorGenerator | 0 | ||||
-rw-r--r-- | tests/PHPUnit/Integration/Tracker/VisitTest.php | 1 | ||||
-rw-r--r-- | tests/PHPUnit/Unit/Tracker/RequestTest.php | 3 |
4 files changed, 5 insertions, 1 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index a2305317cd..48fecc103b 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -892,7 +892,7 @@ class Request
 if (!$this->isAuthenticated()) {
 Common::printDebug("WARN: Tracker API 'cip' was used with invalid token_auth");
- return IP::getIpFromHeader();
+ throw new InvalidRequestParameterException("Tracker API 'cip' was used, requires valid token_auth");
 }
 return $cip;
diff --git a/plugins/VisitorGenerator b/plugins/VisitorGenerator
-Subproject 65631932d80124cdde997ad9bc02ba852f7fdc0
+Subproject 1a24f7d557aa4c70ee6c1c101e7d87fafa803f6
diff --git a/tests/PHPUnit/Integration/Tracker/VisitTest.php b/tests/PHPUnit/Integration/Tracker/VisitTest.php
index f46f1e707f..f7d34d3be6 100644
--- a/tests/PHPUnit/Integration/Tracker/VisitTest.php
+++ b/tests/PHPUnit/Integration/Tracker/VisitTest.php
@@ -34,6 +34,7 @@ class VisitTest extends IntegrationTestCase
 // setup the access layer
 FakeAccess::$superUser = true;
+ Fixture::createSuperUser(true);
 Manager::getInstance()->loadTrackerPlugins();
 $pluginNames = array_keys(Manager::getInstance()->getLoadedPlugins());
 $pluginNames[] = 'SitesManager';
diff --git a/tests/PHPUnit/Unit/Tracker/RequestTest.php b/tests/PHPUnit/Unit/Tracker/RequestTest.php
index bab7ca4944..68aab0b949 100644
--- a/tests/PHPUnit/Unit/Tracker/RequestTest.php
+++ b/tests/PHPUnit/Unit/Tracker/RequestTest.php
@@ -9,6 +9,7 @@
 namespace Piwik\Tests\Unit\Tracker;
 use Piwik\Cookie;
+use Piwik\Exception\InvalidRequestParameterException;
 use Matomo\Network\IPUtils;
 use Piwik\Piwik;
 use Piwik\Plugins\CustomVariables\CustomVariables;
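Review bot: In the `core/Tracker/Request.php` hunk, the unauthenticated `cip` path now throws where it used to return a value, and nothing visible documents that change for callers; the enclosing function's signature and docblock lie outside the hunk. I would add `@throws InvalidRequestParameterException if 'cip' is sent without a valid token_auth` to its docblock and confirm that every caller reaches this code only where the exception is handled. The section adds no `use` line for `InvalidRequestParameterException`, so check that the class is already imported in this file. The retained `Common::printDebug` line appears to be the only trace of a rejected attempt, which would make such requests visible only when tracker debugging is on.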
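Review bot: In the `tests/PHPUnit/Integration/Tracker/VisitTest.php` hunk, the added `Fixture::createSuperUser(true);` carries no explanation of why the fixture needs a real super user on top of `FakeAccess::$superUser = true;`. Presumably the tests in this class send `cip` and now need a token_auth that actually validates; if so, say it with `// 'cip' now requires a valid token_auth, so a real super user must exist`. The bare `true` argument is also opaque at the call site, and a few words naming what it selects would help. The setup method starts and ends outside the hunk.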
@@ -435,6 +436,8 @@ class RequestTest extends UnitTestCase
 public function test_getIpString_ShouldDefaultToServerAddress_IfCustomIpIsSetButNotAuthenticated()
 {
+ $this->expectException(InvalidRequestParameterException::class);
+ $this->expectExceptionMessage('requires valid token_auth');
 $request = $this->buildRequest(array('cip' => '192.192.192.192'));
 $this->assertEquals($_SERVER['REMOTE_ADDR'], $request->getIpString());
 } |
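Review bot: The test keeps its old name and its old assertion although it now expects an exception: `test_getIpString_ShouldDefaultToServerAddress_IfCustomIpIsSetButNotAuthenticated` no longer describes the behaviour, and the `assertEquals($_SERVER['REMOTE_ADDR'], ...)` comparison never runs because `getIpString()` throws first. I would rename it to something like `test_getIpString_ShouldThrow_IfCustomIpIsSetButNotAuthenticated` and reduce the last statement to `$request->getIpString();`. A companion case asserting that an authenticated request with `cip` still returns the custom IP may already exist elsewhere in the file; it is not visible in this hunk.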