author | Matthieu Aubry <matt@piwik.org> | 2014-10-09 15:24:42 +0400 |
---|---|---|
committer | Matthieu Aubry <matt@piwik.org> | 2014-10-09 15:24:42 +0400 |
commit | 9c32a948e1fd70c1db09147f634cde4a6bd4e5c4 (patch) | |
tree | 9f49bb9b66bc3c0f3166508838473302052f432b /core | |
parent | 3f6141c12df003838d45cb2fa60b9ea49f4d9dac (diff) | |
parent | cba98d0124a52a13be92e0bd19230592832e63a5 (diff) |
Merge pull request #6407 from piwik/6110_cdt
Setting the 'cdt' tracker parameter to a time in the recent past (within the last 4 hours) should not require token_auth. Fixes #6110
Diffstat (limited to 'core')
-rw-r--r-- | core/Tracker.php | 57 | ||||
-rw-r--r-- | core/Tracker/Request.php | 93 | ||||
-rw-r--r-- | core/Tracker/Visit.php | 1 |
3 files changed, 69 insertions, 82 deletions
diff --git a/core/Tracker.php b/core/Tracker.php index 72bd3cd289..bd72e04920 100644 --- a/core/Tracker.php +++ b/core/Tracker.php @@ -44,9 +44,6 @@ class Tracker const LENGTH_HEX_ID_STRING = 16; const LENGTH_BINARY_ID = 8; - protected static $forcedDateTime = null; - protected static $forcedIpString = null; - protected static $pluginsNotToLoad = array(); protected static $pluginsToLoad = array(); @@ -90,21 +87,9 @@ class Tracker public function clear() { - self::$forcedIpString = null; - self::$forcedDateTime = null; $this->stateValid = self::STATE_NOTHING_TO_NOTICE; } - public static function setForceIp($ipString) - { - self::$forcedIpString = $ipString; - } - - public static function setForceDateTime($dateTime) - { - self::$forcedDateTime = $dateTime; - } - /** * Do not load the specified plugins (used during testing, to disable Provider plugin) * @param array $plugins @@ -488,15 +473,13 @@ class Tracker /** * Initialization + * @param Request $request */ protected function init(Request $request) { $this->loadTrackerPlugins($request); - $this->handleTrackingApi($request); $this->handleDisabledTracker(); $this->handleEmptyRequest($request); - - Common::printDebug("Current datetime: " . date("Y-m-d H:i:s", $request->getCurrentTimestamp())); } /** 
@@ -748,29 +731,6 @@ class Tracker return Common::getRequestVar('token_auth', false); } - /** - * This method allows to set custom IP + server time + visitor ID, when using Tracking API. - * These two attributes can be only set by the Super User (passing token_auth). - */ - protected function handleTrackingApi(Request $request) - { - if (!$request->isAuthenticated()) { - return; - } - - // Custom IP to use for this visitor - $customIp = $request->getParam('cip'); - if (!empty($customIp)) { - $this->setForceIp($customIp); - } - - // Custom server date time to use - $customDatetime = $request->getParam('cdt'); - if (!empty($customDatetime)) { - $this->setForceDateTime($customDatetime); - } - } - public static function setTestEnvironment($args = null, $requestMethod = null) { if (is_null($args)) { @@ -816,18 +776,6 @@ class Tracker \Piwik\Plugins\PrivacyManager\IPAnonymizer::activate(); } - // Custom IP to use for this visitor - $customIp = Common::getRequestVar('cip', false, null, $args); - if (!empty($customIp)) { - self::setForceIp($customIp); - } - - // Custom server date time to use - $customDatetime = Common::getRequestVar('cdt', false, null, $args); - if (!empty($customDatetime)) { - self::setForceDateTime($customDatetime); - } - $pluginsDisabled = array('Provider'); // Disable provider plugin, because it is so slow to do many reverse ip lookups @@ -870,8 +818,7 @@ class Tracker try { if ($this->isVisitValid()) { - $request->setForceDateTime(self::$forcedDateTime); - $request->setForceIp(self::$forcedIpString); + Common::printDebug("Current datetime: " . date("Y-m-d H:i:s", $request->getCurrentTimestamp())); $visit = $this->getNewVisitObject(); $visit->setRequest($request); diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php index 212abbd0d2..aad200660f 100644 --- a/core/Tracker/Request.php +++ b/core/Tracker/Request.php 
@@ -35,6 +35,8 @@ class Request const UNKNOWN_RESOLUTION = 'unknown'; + const CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN = 14400; // 4 hours + /** * @param $params * @param bool|string $tokenAuth @@ -47,7 +49,6 @@ class Request $this->params = $params; $this->tokenAuth = $tokenAuth; $this->timestamp = time(); - $this->enforcedIp = false; // When the 'url' and referrer url parameter are not given, we might be in the 'Simple Image Tracker' mode. // The URL can default to the Referrer, which will be in this case 
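Review bot: The new constant `CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN` sets how far back an unauthenticated request may backdate a hit, yet its only documentation is the trailing `// 4 hours`. I would give it a docblock such as `/** Maximum age, in seconds, of a 'cdt' value accepted without token_auth; older values require an authenticated request. */` so the trust boundary is stated where the number lives. The window is hard-coded in the class; whether installations should be able to tighten it is worth a sentence in the pull request.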
@@ -319,13 +320,54 @@ class Request public function getCurrentTimestamp() { + $cdt = $this->getCustomTimestamp(); + if(!empty($cdt)) { + return $cdt; + } return $this->timestamp; } - protected function isTimestampValid($time) + protected function getCustomTimestamp() + { + $cdt = $this->getParam('cdt'); + if (empty($cdt)) { + return false; + } + if (!is_numeric($cdt)) { + $cdt = strtotime($cdt); + } + if (!$this->isTimestampValid($cdt, $this->timestamp)) { + Common::printDebug(sprintf("Datetime %s is not valid", date("Y-m-d H:i:m", $cdt))); + return false; + } + + // If timestamp in the past, token_auth is required + $timeFromNow = $this->timestamp - $cdt; + $isTimestampRecent = $timeFromNow < self::CUSTOM_TIMESTAMP_DOES_NOT_REQUIRE_TOKENAUTH_WHEN_NEWER_THAN; + if (!$isTimestampRecent) { + if(!$this->isAuthenticated()) { + Common::printDebug(sprintf("Custom timestamp is %s seconds old, requires &token_auth...", $timeFromNow)); + Common::printDebug("WARN: Tracker API 'cdt' was used with invalid token_auth"); + return false; + } + } + return $cdt; + } + + /** + * Returns true if the timestamp is valid ie. timestamp is sometime in the last 10 years and is not in the future. + * + * @param $time int Timestamp to test + * @param $now int Current timestamp + * @return bool + */ + protected function isTimestampValid($time, $now = null) { - return $time <= $this->getCurrentTimestamp() - && $time > $this->getCurrentTimestamp() - 10 * 365 * 86400; + if(empty($now)) { + $now = $this->getCurrentTimestamp(); + } + return $time <= $now + && $time > $now - 10 * 365 * 86400; } public function getIdSite() 
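Review bot: `getCustomTimestamp()` returns the raw `cdt` request value whenever `is_numeric()` accepts it, so a float or exponent string (for example `1.4e9`) reaches callers of `getCurrentTimestamp()` uncast, on a path that needs no token_auth for recent values. Casting once after parsing, `$cdt = (int) $cdt;` placed just before the `isTimestampValid()` call, also turns a failed `strtotime()` (`false`) into `0`, which the ten-year check then rejects instead of relying on loose comparison. The debug format in the same method reads `"Y-m-d H:i:m"`, which prints the month where the seconds belong; it should be `"Y-m-d H:i:s"`. The class body continues outside the hunk.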
@@ -521,33 +563,11 @@ class Request public function getIp() { - if (!empty($this->enforcedIp)) { - $ipString = $this->enforcedIp; - } else { - $ipString = IP::getIpFromHeader(); - } - + $ipString = $this->getIpString(); $ip = IP::P2N($ipString); return $ip; } - public function setForceIp($ip) - { - if (!empty($ip)) { - $this->enforcedIp = $ip; - } - } - - public function setForceDateTime($dateTime) - { - if (!is_numeric($dateTime)) { - $dateTime = strtotime($dateTime); - } - if (!empty($dateTime)) { - $this->timestamp = $dateTime; - } - } - public function getForcedUserId() { $userId = $this->getParam('uid'); @@ -611,4 +631,23 @@ class Request { return substr( sha1( $userId ), 0, 16); } + + /** + * @return mixed|string + * @throws Exception + */ + private function getIpString() + { + $cip = $this->getParam('cip'); + + if(empty($cip)) { + return IP::getIpFromHeader(); + } + + if(!$this->isAuthenticated()) { + Common::printDebug("WARN: Tracker API 'cip' was used with invalid token_auth"); + return IP::getIpFromHeader(); + } + return $cip; + } } diff --git a/core/Tracker/Visit.php b/core/Tracker/Visit.php index 0ce45c3659..c8fb12d389 100644 --- a/core/Tracker/Visit.php +++ b/core/Tracker/Visit.php @@ -467,6 +467,7 @@ class Visit implements VisitInterface $debugVisitInfo = $this->visitorInfo; $debugVisitInfo['idvisitor'] = bin2hex($debugVisitInfo['idvisitor']); $debugVisitInfo['config_id'] = bin2hex($debugVisitInfo['config_id']); + $debugVisitInfo['location_ip'] = IP::N2P($debugVisitInfo['location_ip']); Common::printDebug($debugVisitInfo); } |
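Review bot: In `getIpString()` (the `-611,4` hunk) an authenticated `cip` is returned exactly as supplied and passed to `IP::P2N()` by `getIp()`, with no check that it is a well-formed address. What `IP::P2N()` does with malformed input is not visible in this diff, so I would validate before returning, e.g. `if (filter_var($cip, FILTER_VALIDATE_IP) === false) { return IP::getIpFromHeader(); }`, and print a debug line for the rejection as the token_auth branch does. The docblock's `@throws Exception` does not match the visible body, which throws nothing itself; if the exception can come from `isAuthenticated()` or `getParam()`, the docblock should say so.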