
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authormattab <matthieu.aubry@gmail.com>2014-10-09 08:40:36 +0400
committermattab <matthieu.aubry@gmail.com>2014-10-09 08:40:36 +0400
commit5f4045098c474286c14e94d3c274e02383a580c1 (patch)
treeb1c8205261291dcb664d9bceedf1c2800450145d /core
parent46141463373d762461825eb53c2dde43c65f9060 (diff)
fixes #6110 when 'cdt' tracking Api parameter is set, require token_auth only when the datetime is older than 4 hours.
Diffstat (limited to 'core')
-rw-r--r--core/Tracker/Request.php46
1 files changed, 39 insertions, 7 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index 8f18296278..3f9bc56d80 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -35,6 +35,8 @@ class Request
const UNKNOWN_RESOLUTION = 'unknown';
+ const CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN = 14400; // 4 hours
+
/**
* @param $params
* @param bool|string $tokenAuth
@@ -327,18 +329,50 @@ class Request
protected function getCustomTimestamp()
{
- // TODO window
$cdt = $this->getParam('cdt');
+ if (empty($cdt)) {
+ return false;
+ }
if (!is_numeric($cdt)) {
$cdt = strtotime($cdt);
}
+ if (!$this->isTimestampValid($cdt, $this->timestamp)) {
+ Common::printDebug(sprintf("Datetime %s is not valid", date("Y-m-d H:i:m", $cdt)));
+ return false;
+ }
+
+ // If timestamp in the past, token_auth is required
+ $timeFromNow = $this->timestamp - $cdt;
+ $isTimestampRecent = $timeFromNow < self::CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN;
+ if (!$isTimestampRecent) {
+ Common::printDebug(sprintf("Custom timestamp is %s seconds old, requires &token_auth...", $timeFromNow));
+ $this->checkUserIsAuthenticated();
+ }
return $cdt;
}
- protected function isTimestampValid($time)
+ private function checkUserIsAuthenticated()
+ {
+ if (!$this->isAuthenticated()) {
+ throw new Exception("You must specify a valid &token_auth= parameter in order to use the &cip= parameter and/or the &cdt= parameter (when setting cdt to a datatime older than a few hours).");
+ }
+ }
+
+
+ /**
+ * Returns true if the timestamp is valid ie. timestamp is sometime in the last 10 years and is not in the future.
+ *
+ * @param $time int Timestamp to test
+ * @param $now int Current timestamp
+ * @return bool
+ */
+ protected function isTimestampValid($time, $now = null)
{
- return $time <= $this->getCurrentTimestamp()
- && $time > $this->getCurrentTimestamp() - 10 * 365 * 86400;
+ if(empty($now)) {
+ $now = $this->getCurrentTimestamp();
+ }
+ return $time <= $now
+ && $time > $now - 10 * 365 * 86400;
}
public function getIdSite()
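Review bot: An unparseable `cdt` string makes `strtotime()` return `false`, and in `getCustomTimestamp()` that value goes straight into `isTimestampValid()` and then into `date()` in the debug line; it is rejected only through PHP's loose bool/int comparison, which is a fragile basis for the token_auth decision that follows. An explicit guard right after the conversion, `if ($cdt === false) { return false; }`, would make the rejection deliberate. `is_numeric()` also accepts floats and exponent notation, so the value compared against the 4-hour window and returned to the caller is not guaranteed to be an integer timestamp. The debug format `"Y-m-d H:i:m"` prints the month where seconds are meant and should read `"Y-m-d H:i:s"`. The new `checkUserIsAuthenticated()` has no docblock; a short `@throws Exception` line there would record that `getCustomTimestamp()` can now throw.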
@@ -614,9 +648,7 @@ class Request
return IP::getIpFromHeader();
}
- if (!$this->isAuthenticated()) {
- throw new Exception("You must specify token_auth parameter to use the 'cip' parameter.");
- }
+ $this->checkUserIsAuthenticated();
return $cip;
}
}
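Review bot: The `cip` override now fails with the combined message from `checkUserIsAuthenticated()`, so a client can no longer tell from the exception whether `cip` or `cdt` triggered the token_auth requirement, and that message contains the typo "datatime". Passing the parameter name, for example `$this->checkUserIsAuthenticated('cip');`, and building the text from it would keep the error as specific as the one removed here. The enclosing method starts outside this hunk, so the handling of `$cip` before this check is not visible.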