diff options
author | Stefan Giehl <stefan@piwik.org> | 2018-05-08 06:04:07 +0300 |
---|---|---|
committer | Matthieu Aubry <mattab@users.noreply.github.com> | 2018-05-08 06:04:07 +0300 |
commit | d5207c61df86356fc23120b4526020e948c183cc (patch) | |
tree | 47780d19d5b8e4e77a5298ccaf7732910ca24945 /plugins/PrivacyManager | |
parent | 249ba0f124cfed01fcb1a11b86323f4f9ad78f30 (diff) |
Use extra salt stored in database for userid anonymization (#12844)
* Use salt stored in database for userid anonymization
* use update script + small review changes
* fix tests
* don't hash if salt is empty
Diffstat (limited to 'plugins/PrivacyManager')
7 files changed, 91 insertions, 38 deletions
diff --git a/plugins/PrivacyManager/PrivacyManager.php b/plugins/PrivacyManager/PrivacyManager.php index 994f70a0bf..a8038a44e0 100644 --- a/plugins/PrivacyManager/PrivacyManager.php +++ b/plugins/PrivacyManager/PrivacyManager.php @@ -24,6 +24,7 @@ use Piwik\Piwik; use Piwik\Plugin; use Piwik\Plugins\Goals\Archiver; use Piwik\Plugins\Installation\FormDefaultSettings; +use Piwik\Plugins\PrivacyManager\Tracker\RequestProcessor; use Piwik\Site; use Piwik\Tracker\GoalManager; @@ -40,6 +41,8 @@ class PrivacyManager extends Plugin const OPTION_LAST_DELETE_PIWIK_LOGS = "lastDelete_piwik_logs"; const OPTION_LAST_DELETE_PIWIK_REPORTS = 'lastDelete_piwik_reports'; const OPTION_LAST_DELETE_PIWIK_LOGS_INITIAL = "lastDelete_piwik_logs_initial"; + const OPTION_USERID_SALT = 'useridsalt'; + // options for data purging feature array[configName => configSection] public static $purgeDataOptions = array( @@ -194,6 +197,7 @@ class PrivacyManager extends Plugin { $config = new Config(); $cacheContent = $config->setTrackerCacheGeneral($cacheContent); + $cacheContent[self::OPTION_USERID_SALT] = self::getUserIdSalt(); } public function getJsFiles(&$jsFiles) @@ -582,4 +586,19 @@ class PrivacyManager extends Plugin { return Db::fetchOne("SELECT MAX(idgoal) FROM " . Common::prefixTable('goal')); } + + /** + * Returns a unique salt used for pseudonimisation of user id only + * + * @return string + */ + public static function getUserIdSalt() + { + $salt = Option::get(self::OPTION_USERID_SALT); + if (empty($salt)) { + $salt = Common::getRandomString($len = 40, $alphabet = "abcdefghijklmnoprstuvwxyzABCDEFGHIJKLMNOPRSTUVWXYZ0123456789_-$"); + Option::set(self::OPTION_USERID_SALT, $salt, 1); + } + return $salt; + } } diff --git a/plugins/PrivacyManager/Tracker/RequestProcessor.php b/plugins/PrivacyManager/Tracker/RequestProcessor.php index c830cf58a0..2f75fa7213 100644 --- a/plugins/PrivacyManager/Tracker/RequestProcessor.php +++ b/plugins/PrivacyManager/Tracker/RequestProcessor.php @@ -9,6 +9,7 @@ namespace Piwik\Plugins\PrivacyManager\Tracker; use Piwik\Common; +use Piwik\Plugins\PrivacyManager\PrivacyManager; use Piwik\SettingsPiwik; use Piwik\Tracker\Request; use Piwik\Tracker; @@ -37,15 +38,27 @@ class RequestProcessor extends Tracker\RequestProcessor } } + /** + * pseudo anonymization as we need to make sure to always generate the same UserId for the same original UserID + * + * @param $userId + * @return string + */ public static function anonymizeUserId($userId) { - // pseudo anonymization as we need to make sure to always generate the same UserId for the same original UserID - return sha1($userId . SettingsPiwik::getSalt()); + $trackerCache = Tracker\Cache::getCacheGeneral(); + $salt = ''; + if (!empty($trackerCache[PrivacyManager::OPTION_USERID_SALT])) { + $salt = $trackerCache[PrivacyManager::OPTION_USERID_SALT]; + } + if(empty($salt)) { + return $userId; + } + return sha1($userId . $salt); } private function isValueSet($value) { return $value !== '' && $value !== false && $value !== null; } - } diff --git a/plugins/PrivacyManager/tests/Integration/Dao/LogDataAnonymizerTest.php b/plugins/PrivacyManager/tests/Integration/Dao/LogDataAnonymizerTest.php index 3c6a88f62c..c77303150c 100644 --- a/plugins/PrivacyManager/tests/Integration/Dao/LogDataAnonymizerTest.php +++ b/plugins/PrivacyManager/tests/Integration/Dao/LogDataAnonymizerTest.php @@ -11,11 +11,13 @@ namespace Piwik\Plugins\PrivacyManager\tests\Integration\Dao; use Piwik\Common; use Piwik\Date; use Piwik\Db; +use Piwik\Option; use Piwik\Plugins\PrivacyManager\API; use Piwik\Plugins\PrivacyManager\Dao\LogDataAnonymizer; +use Piwik\Plugins\PrivacyManager\PrivacyManager; use Piwik\Plugins\PrivacyManager\tests\Fixtures\MultipleSitesMultipleVisitsFixture; -use Piwik\Plugins\TagManager\Context\Storage\Filesystem; use Piwik\Tests\Framework\TestCase\IntegrationTestCase; +use Piwik\Tracker\Cache; /** * Class LogDataAnonymizationsTest @@ -37,6 +39,9 @@ class LogDataAnonymizerTest extends IntegrationTestCase { parent::setUp(); + Option::set(PrivacyManager::OPTION_USERID_SALT, 'simpleuseridsalt1'); + Cache::clearCacheGeneral(); + $this->anonymizer = new LogDataAnonymizer(); $this->theFixture = new MultipleSitesMultipleVisitsFixture(); $this->theFixture->setUpLocation(); diff --git a/plugins/PrivacyManager/tests/Integration/Tracker/RequestProcessorTest.php b/plugins/PrivacyManager/tests/Integration/Tracker/RequestProcessorTest.php index 3b8fc92667..f4fb25ec94 100644 --- a/plugins/PrivacyManager/tests/Integration/Tracker/RequestProcessorTest.php +++ b/plugins/PrivacyManager/tests/Integration/Tracker/RequestProcessorTest.php @@ -8,10 +8,13 @@ namespace Piwik\Plugins\PrivacyManager\tests\Integration\Tracker; +use Piwik\Option; use Piwik\Plugins\PrivacyManager\Config; +use Piwik\Plugins\PrivacyManager\PrivacyManager; use Piwik\Plugins\PrivacyManager\Tracker\RequestProcessor; use Piwik\Tests\Framework\Fixture; use Piwik\Tests\Framework\TestCase\IntegrationTestCase; +use Piwik\Tracker\Cache; use Piwik\Tracker\Request; @@ -37,6 +40,9 @@ class RequestProcessorTest extends IntegrationTestCase { parent::setUp(); + Option::set(PrivacyManager::OPTION_USERID_SALT, 'simpleuseridsalt1'); + Cache::clearCacheGeneral(); + $this->requestProcessor = new RequestProcessor(); $this->config = new Config(); @@ -75,7 +81,7 @@ class RequestProcessorTest extends IntegrationTestCase $request = $this->makeRequest(array('idsite' => '3', 'uid' => 'foobar', 'ec_id' => 'baz')); $this->requestProcessor->manipulateRequest($request); - $this->assertSame(array('idsite' => '3', 'uid' => '8843d7f92416211de9ebb963ff4ce28125932878', 'ec_id' => 'baz'), $request->getParams()); + $this->assertSame(array('idsite' => '3', 'uid' => '11d45007a54ea2dce76e57b9a1c2f0644b79687e', 'ec_id' => 'baz'), $request->getParams()); } public function test_manipulateRequest_anonymizeOrderIdOnly() diff --git a/plugins/PrivacyManager/tests/System/AnonymizationTest.php b/plugins/PrivacyManager/tests/System/AnonymizationTest.php index 87d2bdc6c5..8f3ea0bf0c 100644 --- a/plugins/PrivacyManager/tests/System/AnonymizationTest.php +++ b/plugins/PrivacyManager/tests/System/AnonymizationTest.php @@ -10,9 +10,12 @@ namespace Piwik\Plugins\PrivacyManager\tests\System; use Piwik\Common; use Piwik\Db; +use Piwik\Option; use Piwik\Plugins\PrivacyManager\API; +use Piwik\Plugins\PrivacyManager\PrivacyManager; use Piwik\Plugins\PrivacyManager\tests\Fixtures\FewVisitsAnonymizedFixture; use Piwik\Tests\Framework\TestCase\SystemTestCase; +use Piwik\Tracker\Cache; /** * @group PrivacyManager @@ -31,6 +34,13 @@ class AnonymizationTest extends SystemTestCase */ private $api; + public static function provideContainerConfigBeforeClass() + { + Option::set(PrivacyManager::OPTION_USERID_SALT, 'simpleuseridsalt1'); + Cache::clearCacheGeneral(); + return []; + } + public function setUp() { parent::setUp(); diff --git a/plugins/PrivacyManager/tests/System/expected/anonymizeVisitInformation_anonymizeUserId.json b/plugins/PrivacyManager/tests/System/expected/anonymizeVisitInformation_anonymizeUserId.json index c3eca4e8b5..f849d9d147 100644 --- a/plugins/PrivacyManager/tests/System/expected/anonymizeVisitInformation_anonymizeUserId.json +++ b/plugins/PrivacyManager/tests/System/expected/anonymizeVisitInformation_anonymizeUserId.json @@ -33,7 +33,7 @@ "referer_name": "www.example.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.example.com\/", - "user_id": "5484eb1bcd82eefee5b45ca23185356f3ff76d79", + "user_id": "1cbc1afc0ca18add031a06d253172a0b0777ab12", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "2", "visit_exit_idaction_name": "7", @@ -87,7 +87,7 @@ "referer_name": "Google", "referer_type": "Referrers_SearchEngines", "referer_url": "http:\/\/www.google.com?q=test", - "user_id": "6f1ccf4b4463998f3c0d1e922b2bccef1489705c", + "user_id": "658ce86d49fceb7f47d5d00b16d193a42a876d73", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "25", "visit_exit_idaction_name": "1", @@ -141,7 +141,7 @@ "referer_name": "www.example.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.example.com\/", - "user_id": "6f1ccf4b4463998f3c0d1e922b2bccef1489705c", + "user_id": "658ce86d49fceb7f47d5d00b16d193a42a876d73", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "25", "visit_exit_idaction_name": "1", @@ -194,7 +194,7 @@ "location_ip": "156.5.3.202", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "dbfd79b34328023f7ac17983203294c7afc639fb", + "user_id": "82c4df6b68f94557f4885c39b4aadeea8956e399", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "34", "visit_exit_idaction_name": "3", @@ -249,7 +249,7 @@ "referer_name": "Google", "referer_type": "Referrers_SearchEngines", "referer_url": "http:\/\/www.google.com?q=test", - "user_id": "dbfd79b34328023f7ac17983203294c7afc639fb", + "user_id": "82c4df6b68f94557f4885c39b4aadeea8956e399", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "34", "visit_exit_idaction_name": "3", @@ -303,7 +303,7 @@ "referer_name": "www.example.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.example.com\/", - "user_id": "dbfd79b34328023f7ac17983203294c7afc639fb", + "user_id": "82c4df6b68f94557f4885c39b4aadeea8956e399", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "34", "visit_exit_idaction_name": "3", @@ -356,7 +356,7 @@ "location_ip": "156.5.3.203", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "5ea465f8f6fc61a020ef3221420690435a2c8e87", + "user_id": "37c8afc9eb9829555bc047204845f7fa64c9e2b2", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "39", "visit_exit_idaction_name": "5", @@ -410,7 +410,7 @@ "referer_name": "www.example.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.example.com", - "user_id": "5ea465f8f6fc61a020ef3221420690435a2c8e87", + "user_id": "37c8afc9eb9829555bc047204845f7fa64c9e2b2", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "39", "visit_exit_idaction_name": "5", @@ -464,7 +464,7 @@ "referer_name": "www.facebook.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.facebook.com\/foo", - "user_id": "5ea465f8f6fc61a020ef3221420690435a2c8e87", + "user_id": "37c8afc9eb9829555bc047204845f7fa64c9e2b2", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "39", "visit_exit_idaction_name": "5", @@ -517,7 +517,7 @@ "location_ip": "156.5.3.203", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "5ea465f8f6fc61a020ef3221420690435a2c8e87", + "user_id": "37c8afc9eb9829555bc047204845f7fa64c9e2b2", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "39", "visit_exit_idaction_name": "5", @@ -571,7 +571,7 @@ "referer_name": "www.matomo.org", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.matomo.org", - "user_id": "5ea465f8f6fc61a020ef3221420690435a2c8e87", + "user_id": "37c8afc9eb9829555bc047204845f7fa64c9e2b2", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "39", "visit_exit_idaction_name": "5", @@ -626,7 +626,7 @@ "referer_name": "Google", "referer_type": "Referrers_SearchEngines", "referer_url": "http:\/\/www.google.com?q=test", - "user_id": "5ea465f8f6fc61a020ef3221420690435a2c8e87", + "user_id": "37c8afc9eb9829555bc047204845f7fa64c9e2b2", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "39", "visit_exit_idaction_name": "5", @@ -680,7 +680,7 @@ "referer_name": "www.innocraft.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.innocraft.com", - "user_id": "5ea465f8f6fc61a020ef3221420690435a2c8e87", + "user_id": "37c8afc9eb9829555bc047204845f7fa64c9e2b2", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "39", "visit_exit_idaction_name": "5", @@ -734,7 +734,7 @@ "referer_name": "developer.matomo.org", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/developer.matomo.org", - "user_id": "93daa0102b94a59020ef1dc07183013489e99d14", + "user_id": "986e23255ba51f9abdc773c237915d0889689a65", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "42", "visit_exit_idaction_name": "1", @@ -788,7 +788,7 @@ "referer_name": "www.matomo.org", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.matomo.org", - "user_id": "10b7b3f2a3a3cbc0feec8b2707a9f4ee4fa88eb9", + "user_id": "716d5aa3cefa064d0383a6a4b7a2cd45dd186bcd", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "46", "visit_exit_idaction_name": "48", @@ -840,7 +840,7 @@ "location_ip": "156.5.3.205", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "10b7b3f2a3a3cbc0feec8b2707a9f4ee4fa88eb9", + "user_id": "716d5aa3cefa064d0383a6a4b7a2cd45dd186bcd", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "46", "visit_exit_idaction_name": "3", @@ -894,7 +894,7 @@ "referer_name": "ios.matomo.org", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/ios.matomo.org", - "user_id": "f92bfd7922b77e320bc184e6d5a0596a7a024568", + "user_id": "592ebd8ac1a29b01ff603083ee011c29ff735955", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "51", "visit_exit_idaction_name": "5", @@ -947,7 +947,7 @@ "location_ip": "156.5.3.206", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "f92bfd7922b77e320bc184e6d5a0596a7a024568", + "user_id": "592ebd8ac1a29b01ff603083ee011c29ff735955", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "51", "visit_exit_idaction_name": "5", @@ -1001,7 +1001,7 @@ "referer_name": "www.facebook.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.facebook.com\/bar", - "user_id": "f92bfd7922b77e320bc184e6d5a0596a7a024568", + "user_id": "592ebd8ac1a29b01ff603083ee011c29ff735955", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "51", "visit_exit_idaction_name": "5", @@ -1054,7 +1054,7 @@ "location_ip": "156.5.3.206", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "f92bfd7922b77e320bc184e6d5a0596a7a024568", + "user_id": "592ebd8ac1a29b01ff603083ee011c29ff735955", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "51", "visit_exit_idaction_name": "5", @@ -1108,7 +1108,7 @@ "referer_name": "hello.example.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/hello.example.com", - "user_id": "10ad1da713b1d6786f0bfefb74264ab021ff11a9", + "user_id": "eb39ae7f96668852274895a4d1519f2e96bd1183", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "54", "visit_exit_idaction_name": "1", @@ -1161,7 +1161,7 @@ "location_ip": "156.5.3.207", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "10ad1da713b1d6786f0bfefb74264ab021ff11a9", + "user_id": "eb39ae7f96668852274895a4d1519f2e96bd1183", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "54", "visit_exit_idaction_name": "1", @@ -1215,7 +1215,7 @@ "referer_name": "example.matomo.org", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/example.matomo.org\/mypath", - "user_id": "19c222fa6e2f7922fa51e96f940430d119bd17e8", + "user_id": "28da747e56b01c5ffc1e0ed9eebc309e68695d09", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "56", "visit_exit_idaction_name": "3", @@ -1268,7 +1268,7 @@ "location_ip": "156.5.3.208", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "19c222fa6e2f7922fa51e96f940430d119bd17e8", + "user_id": "28da747e56b01c5ffc1e0ed9eebc309e68695d09", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "56", "visit_exit_idaction_name": "3", @@ -1322,7 +1322,7 @@ "referer_name": "www.facebook.com", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/www.facebook.com\/bar", - "user_id": "cb9a53c4ce1dc123180e27f19ad684d81c735738", + "user_id": "4891bdef43103f2093c37e6d1fd50f27376af1a4", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "62", "visit_exit_idaction_name": "5", @@ -1375,7 +1375,7 @@ "location_ip": "156.5.3.209", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "cb9a53c4ce1dc123180e27f19ad684d81c735738", + "user_id": "4891bdef43103f2093c37e6d1fd50f27376af1a4", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "62", "visit_exit_idaction_name": "5", @@ -1428,7 +1428,7 @@ "location_ip": "156.5.3.210", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "8311682d2bcc02320e985cf216668f1c13ed47c4", + "user_id": "0217dc4258e74aa8d84a32764bda4ae149d78d2b", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "65", "visit_exit_idaction_name": "66", @@ -1481,7 +1481,7 @@ "referer_name": "developer.matomo.org", "referer_type": "Referrers_Websites", "referer_url": "http:\/\/developer.matomo.org?x=1", - "user_id": "26a1aa089f52e2716f72b1e105ca0cec0fd21125", + "user_id": "b79121065f7b4b564b461d87ac5b9e1e32a9d3dc", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "68", "visit_exit_idaction_name": "3", @@ -1534,7 +1534,7 @@ "location_ip": "156.5.3.211", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "26a1aa089f52e2716f72b1e105ca0cec0fd21125", + "user_id": "b79121065f7b4b564b461d87ac5b9e1e32a9d3dc", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "68", "visit_exit_idaction_name": "3", @@ -1587,7 +1587,7 @@ "location_ip": "156.5.3.211", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "26a1aa089f52e2716f72b1e105ca0cec0fd21125", + "user_id": "b79121065f7b4b564b461d87ac5b9e1e32a9d3dc", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "68", "visit_exit_idaction_name": "3", @@ -1640,7 +1640,7 @@ "location_ip": "156.5.3.211", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "26a1aa089f52e2716f72b1e105ca0cec0fd21125", + "user_id": "b79121065f7b4b564b461d87ac5b9e1e32a9d3dc", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "68", "visit_exit_idaction_name": "3", @@ -1693,7 +1693,7 @@ "location_ip": "156.5.3.211", "referer_type": "Referrers_DirectEntry", "referer_url": "", - "user_id": "26a1aa089f52e2716f72b1e105ca0cec0fd21125", + "user_id": "b79121065f7b4b564b461d87ac5b9e1e32a9d3dc", "visit_entry_idaction_name": "1", "visit_entry_idaction_url": "68", "visit_exit_idaction_name": "3", diff --git a/plugins/PrivacyManager/tests/System/expected/test_userIdAnonymized__Live.getLastVisitsDetails_year.xml b/plugins/PrivacyManager/tests/System/expected/test_userIdAnonymized__Live.getLastVisitsDetails_year.xml index adb6cfbd5f..29801082dd 100644 --- a/plugins/PrivacyManager/tests/System/expected/test_userIdAnonymized__Live.getLastVisitsDetails_year.xml +++ b/plugins/PrivacyManager/tests/System/expected/test_userIdAnonymized__Live.getLastVisitsDetails_year.xml @@ -21,7 +21,7 @@ - <userId>8843d7f92416211de9ebb963ff4ce28125932878</userId> + <userId>50eb932ab11b4d4d93ecba3833f8d9a149712728</userId> <visitorType>new</visitorType> <visitorTypeIcon /> <visitConverted>0</visitConverted> |