Tracking API: when overriding the request datetime with an invalid token_auth, don't track the request (#10899)

* refs #10890 ignore tracking requests with custom timestamp, accept timestamps up to 1 day in past, added config for timestamps that require auth

* fix test

* update travis yml

* update travis

* update travis

* fix test

* added changelog entry

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* .travis.yml file is out of date, auto-updating .travis.yml file.

* New config.ini.php setting: `tracking_requests_require_authentication_when_custom_timestamp_newer_than`

3 files changed, 15 insertions, 4 deletions

diff --git a/tests/PHPUnit/Fixtures/ManySitesImportedLogs.php b/tests/PHPUnit/Fixtures/ManySitesImportedLogs.php
index 3a107c26bd..f89fc4948b 100644
--- a/tests/PHPUnit/Fixtures/ManySitesImportedLogs.php
+++ b/tests/PHPUnit/Fixtures/ManySitesImportedLogs.php
@@ -41,6 +41,8 @@ class ManySitesImportedLogs extends Fixture
         GeoIp::$geoIPDatabaseDir = 'tests/lib/geoip-files';
         LocationProvider::setCurrentProvider('geoip_php');
 
+        self::createSuperUser();
+
         $this->trackVisits();
         $this->setupSegments();
     }
diff --git a/tests/PHPUnit/Fixtures/OneVisitorTwoVisits.php b/tests/PHPUnit/Fixtures/OneVisitorTwoVisits.php
index d7fe5e51a6..c190cb2f77 100644
--- a/tests/PHPUnit/Fixtures/OneVisitorTwoVisits.php
+++ b/tests/PHPUnit/Fixtures/OneVisitorTwoVisits.php
@@ -13,6 +13,7 @@ use Piwik\Db;
 use Piwik\Plugins\Goals\API as APIGoals;
 use Piwik\Plugins\SitesManager\API as APISitesManager;
 use Piwik\Tests\Framework\Fixture;
+use Piwik\Tracker\Cache;
 
 /**
  * This fixture adds one website and tracks two visits by one visitor.
@@ -84,8 +85,12 @@ class OneVisitorTwoVisits extends Fixture
             APISitesManager::getInstance()->setSiteSpecificUserAgentExcludeEnabled(false);
         }
 
+        self::createSuperUser();
         $t = self::getTracker($idSite, $dateTime, $defaultInit = true);
 
+        Cache::clearCacheGeneral();
+        Cache::regenerateCacheWebsiteAttributes(array($idSite));
+
         if ($this->useThirdPartyCookies) {
             $t->DEBUG_APPEND_URL = '&forceUseThirdPartyCookie=1';
         }
diff --git a/tests/PHPUnit/Unit/Tracker/RequestTest.php b/tests/PHPUnit/Unit/Tracker/RequestTest.php
index e3964369ff..43f8a1bc7f 100644
--- a/tests/PHPUnit/Unit/Tracker/RequestTest.php
+++ b/tests/PHPUnit/Unit/Tracker/RequestTest.php
@@ -49,9 +49,13 @@ class RequestTest extends UnitTestCase
         $this->assertSame($this->time, $request->getCurrentTimestamp());
     }
 
-    public function test_cdt_ShouldReturnTheCurrentTimestamp_IfNotAuthenticatedAndTimestampIsNotRecent()
+    /**
+     * @expectedException \Exception
+     * @expectedExceptionMessage Custom timestamp is 86500 seconds old
+     */
+    public function test_cdt_ShouldNotTrackTheRequest_IfNotAuthenticatedAndTimestampIsNotRecent()
     {
-        $request = $this->buildRequest(array('cdt' => '' . $this->time - 28800));
+        $request = $this->buildRequest(array('cdt' => '' . $this->time - 86500));
         $this->assertSame($this->time, $request->getCurrentTimestamp());
     }
 
@@ -64,9 +68,9 @@ class RequestTest extends UnitTestCase
 
     public function test_cdt_ShouldReturnTheCustomTimestamp_IfAuthenticatedAndValid()
     {
-        $request = $this->buildRequest(array('cdt' => '' . ($this->time - 28800)));
+        $request = $this->buildRequest(array('cdt' => '' . ($this->time - 86500)));
         $request->setIsAuthenticated();
-        $this->assertSame('' . ($this->time - 28800), $request->getCurrentTimestamp());
+        $this->assertSame('' . ($this->time - 86500), $request->getCurrentTimestamp());
     }
 
     public function test_cdt_ShouldReturnTheCustomTimestamp_IfTimestampIsInFuture()