author | mattab <matthieu.aubry@gmail.com> | 2014-10-09 08:40:36 +0400 |
---|---|---|
committer | mattab <matthieu.aubry@gmail.com> | 2014-10-09 08:40:36 +0400 |
commit | 5f4045098c474286c14e94d3c274e02383a580c1 (patch) | |
tree | b1c8205261291dcb664d9bceedf1c2800450145d /core | |
parent | 46141463373d762461825eb53c2dde43c65f9060 (diff) |
fixes #6110 when 'cdt' tracking Api parameter is set, require token_auth only when the datetime is older than 4 hours.
Diffstat (limited to 'core')
-rw-r--r-- | core/Tracker/Request.php | 46 |
1 files changed, 39 insertions, 7 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index 8f18296278..3f9bc56d80 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -35,6 +35,8 @@ class Request
 const UNKNOWN_RESOLUTION = 'unknown';
+ const CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN = 14400; // 4 hours
+
 /**
 * @param $params
 * @param bool|string $tokenAuth 
@@ -327,18 +329,50 @@ class Request
 protected function getCustomTimestamp()
 {
- // TODO window
 $cdt = $this->getParam('cdt');
+ if (empty($cdt)) {
+ return false;
+ }
 if (!is_numeric($cdt)) {
 $cdt = strtotime($cdt);
 }
+ if (!$this->isTimestampValid($cdt, $this->timestamp)) {
+ Common::printDebug(sprintf("Datetime %s is not valid", date("Y-m-d H:i:m", $cdt)));
+ return false;
+ }
+
+ // If timestamp in the past, token_auth is required
+ $timeFromNow = $this->timestamp - $cdt;
+ $isTimestampRecent = $timeFromNow < self::CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN;
+ if (!$isTimestampRecent) {
+ Common::printDebug(sprintf("Custom timestamp is %s seconds old, requires &token_auth...", $timeFromNow));
+ $this->checkUserIsAuthenticated();
+ }
 return $cdt;
 }
- protected function isTimestampValid($time)
+ private function checkUserIsAuthenticated()
+ {
+ if (!$this->isAuthenticated()) {
+ throw new Exception("You must specify a valid &token_auth= parameter in order to use the &cip= parameter and/or the &cdt= parameter (when setting cdt to a datatime older than a few hours).");
+ }
+ }
+
+
+ /**
+ * Returns true if the timestamp is valid ie. timestamp is sometime in the last 10 years and is not in the future.
+ *
+ * @param $time int Timestamp to test
+ * @param $now int Current timestamp
+ * @return bool
+ */
+ protected function isTimestampValid($time, $now = null)
 {
- return $time <= $this->getCurrentTimestamp()
- && $time > $this->getCurrentTimestamp() - 10 * 365 * 86400;
+ if(empty($now)) {
+ $now = $this->getCurrentTimestamp();
+ }
+ return $time <= $now
+ && $time > $now - 10 * 365 * 86400;
 }
 public function getIdSite()
@@ -614,9 +648,7 @@ class Request
 return IP::getIpFromHeader();
 }
- if (!$this->isAuthenticated()) {
- throw new Exception("You must specify token_auth parameter to use the 'cip' parameter.");
- }
+ $this->checkUserIsAuthenticated();
 return $cip;
 }
 } |
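Review bot: In `getCustomTimestamp()` the recency test `$timeFromNow < self::CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN` is also true for a negative difference, so the token_auth gate holds only because `isTimestampValid()` has already rejected future timestamps a few lines earlier. That ordering dependency deserves a comment above the subtraction, for example `// isTimestampValid() guarantees $cdt <= $this->timestamp, so $timeFromNow is never negative here`, so a later reorder does not let unauthenticated requests skip the check. Separately, the debug line formats with `"Y-m-d H:i:m"`, which prints the month where the seconds belong; `date("Y-m-d H:i:s", $cdt)` is what was presumably meant, and `$cdt` is `false` at that point whenever `strtotime()` could not parse the input, so the message then shows the epoch date. The validity check is handed `$this->timestamp` while `isTimestampValid()` falls back to `getCurrentTimestamp()`; whether the two always agree is not visible in this hunk.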
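Review bot: The `cip` branch in the last hunk now raises the shared message from `checkUserIsAuthenticated()`, which names both `&cip=` and `&cdt=` and misspells "datetime" as `datatime`, so a client that sent only one of the two parameters cannot tell which one was rejected. Correcting the spelling in that string and letting the helper take the parameter name, called here as `$this->checkUserIsAuthenticated('cip');`, would keep the error as specific as the message this hunk removes. The enclosing method starts above the hunk, so the rest of its handling of `cip` is not visible.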