-rw-r--r--core/Tracker.php29
-rw-r--r--core/Tracker/Visit.php2
-rw-r--r--libs/PiwikTracker/PiwikTracker.php6
-rw-r--r--plugins/UsersManager/API.php4
-rw-r--r--plugins/UsersManager/UsersManager.php25
5 files changed, 55 insertions, 11 deletions
diff --git a/core/Tracker.php b/core/Tracker.php
index b639d653b4..9000a7f7a8 100644
--- a/core/Tracker.php
+++ b/core/Tracker.php
@@ -349,7 +349,7 @@ class Piwik_Tracker
}
}
- protected function authenticateSuperUser()
+ protected function authenticateSuperUserOrAdmin()
{
$tokenAuth = Piwik_Common::getRequestVar('token_auth', false);
@@ -357,13 +357,25 @@ class Piwik_Tracker
{
$superUserLogin = Piwik_Tracker_Config::getInstance()->superuser['login'];
$superUserPassword = Piwik_Tracker_Config::getInstance()->superuser['password'];
-
if( md5($superUserLogin . $superUserPassword ) == $tokenAuth )
{
return true;
}
+
+ // Now checking the list of admin token_auth cached in the Tracker config file
+ $idSite = Piwik_Common::getRequestVar('idsite', false, 'int', $this->request);
+ if(!empty($idSite)
+ && $idSite > 0)
+ {
+ $website = Piwik_Common::getCacheWebsiteAttributes( $idSite );
+ $adminTokenAuth = $website['admin_token_auth'];
+ if(in_array($tokenAuth, $adminTokenAuth))
+ {
+ return true;
+ }
+ }
+ printDebug("token_auth = $tokenAuth - Warning: Super User / Admin was NOT authenticated");
}
-
return false;
}
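Review bot: The new admin check on the `in_array($tokenAuth, $adminTokenAuth)` line compares the request's token_auth loosely and reads `$website['admin_token_auth']` unconditionally; with PHP's loose comparison two numeric-looking strings (such as hex tokens starting with `0e`) compare equal, and a cache entry written before the UsersManager hook existed, or with that plugin disabled, has no such key, so in_array receives null and emits a warning. Suggested replacement for those two lines: `$adminTokenAuth = isset($website['admin_token_auth']) ? $website['admin_token_auth'] : array();` followed by `if(in_array($tokenAuth, $adminTokenAuth, true))`. The pre-existing `==` on the md5 comparison a few lines above has the same loose-comparison weakness and is worth tightening in the same pass. The printDebug on the failure path writes the full token_auth value into debug output; printing only a truncated or hashed form avoids leaking a credential into logs. The `if` that opens this block, and the function itself, start outside the hunk.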
@@ -373,27 +385,28 @@ class Piwik_Tracker
*/
protected function handleTrackingApi()
{
- if(!$this->authenticateSuperUser())
+ if(!$this->authenticateSuperUserOrAdmin())
{
return;
}
-
+ printDebug("token_auth is authenticated!");
+
// Custom IP to use for this visitor
- $customIp = Piwik_Common::getRequestVar('cip', false);
+ $customIp = Piwik_Common::getRequestVar('cip', false, 'string', $this->request);
if(!empty($customIp))
{
$this->setForceIp($customIp);
}
// Custom server date time to use
- $customDatetime = Piwik_Common::getRequestVar('cdt', false);
+ $customDatetime = Piwik_Common::getRequestVar('cdt', false, 'string', $this->request);
if(!empty($customDatetime))
{
$this->setForceDateTime($customDatetime);
}
// Forced Visitor ID to record the visit / action
- $customVisitorId = Piwik_Common::getRequestVar('cid', false);
+ $customVisitorId = Piwik_Common::getRequestVar('cid', false, 'string', $this->request);
if(!empty($customVisitorId))
{
$this->setForceVisitorId($customVisitorId);
diff --git a/core/Tracker/Visit.php b/core/Tracker/Visit.php
index 6e75f500cc..070120b6d5 100644
--- a/core/Tracker/Visit.php
+++ b/core/Tracker/Visit.php
@@ -394,7 +394,7 @@ class Piwik_Tracker_Visit implements Piwik_Tracker_Visit_Interface
*/
protected function handleNewVisit($idActionUrl, $idActionName, $someGoalsConverted)
{
- printDebug("New Visit.");
+ printDebug("New Visit (IP = ".long2ip($this->getVisitorIp()).")");
$localTimes = array(
'h' => (string) Piwik_Common::getRequestVar( 'h', $this->getCurrentDate("H"), 'int', $this->request),
diff --git a/libs/PiwikTracker/PiwikTracker.php b/libs/PiwikTracker/PiwikTracker.php
index da0f4c0d54..156abafa03 100644
--- a/libs/PiwikTracker/PiwikTracker.php
+++ b/libs/PiwikTracker/PiwikTracker.php
@@ -350,8 +350,10 @@ class PiwikTracker
}
/**
- * Some Tracking API functionnality requires express Super User authentication.
- * The following features require Super User access:
+ * Some Tracking API functionnality requires express authentication, using either the
+ * Super User token_auth, or a user with 'admin' access to the website.
+ *
+ * The following features require access:
* - force the visitor IP
* - force the date & time of the tracking requests rather than track for the current datetime
* - force Piwik to track the requests to a specific VisitorId rather than use the standard visitor matching heuristic
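Review bot: The rewritten docblock keeps the typo `functionnality` on its first line and does not say which website the admin access is checked against. On the tracker side the token is matched against the admin token list cached for the request's idsite, so `Super User token_auth, or a user with 'admin' access to the website.` would be clearer as `Super User token_auth, or the token_auth of a user with 'admin' access to the website being tracked (idsite).` The method this docblock describes starts outside the hunk.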
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index 3f915ca8f3..f06a4f2a6c 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
@@ -377,6 +377,7 @@ class Piwik_UsersManager_API
// we reload the access list which doesn't yet take in consideration this new user
Zend_Registry::get('access')->reloadAccess();
+ Piwik_Common::deleteTrackerCache();
}
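Review bot: `Piwik_Common::deleteTrackerCache()` is placed after `Zend_Registry::get('access')->reloadAccess()`, here and in the setUserAccess hunk further down, so if reloadAccess throws, the tracker cache keeps the previous admin_token_auth list until something else flushes it; for setUserAccess that means a user whose admin access was just changed may still pass the Tracking API authentication from the stale cache. Swapping the two lines so the flush immediately follows the database write closes that window: `Piwik_Common::deleteTrackerCache();` then `Zend_Registry::get('access')->reloadAccess();`. The enclosing methods start outside each hunk, so whether the write and the flush sit inside one transaction cannot be seen from here.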
/**
@@ -434,6 +435,7 @@ class Piwik_UsersManager_API
),
"login = '$userLogin'"
);
+ Piwik_Common::deleteTrackerCache();
}
/**
@@ -457,6 +459,7 @@ class Piwik_UsersManager_API
$this->deleteUserOnly( $userLogin );
$this->deleteUserAccess( $userLogin );
+ Piwik_Common::deleteTrackerCache();
}
/**
@@ -552,6 +555,7 @@ class Piwik_UsersManager_API
// we reload the access list which doesn't yet take in consideration this new user access
Zend_Registry::get('access')->reloadAccess();
+ Piwik_Common::deleteTrackerCache();
}
/**
diff --git a/plugins/UsersManager/UsersManager.php b/plugins/UsersManager/UsersManager.php
index c9ee3d4591..136ada7962 100644
--- a/plugins/UsersManager/UsersManager.php
+++ b/plugins/UsersManager/UsersManager.php
@@ -49,9 +49,34 @@ class Piwik_UsersManager extends Piwik_Plugin
'AdminMenu.add' => 'addMenu',
'AssetManager.getJsFiles' => 'getJsFiles',
'SitesManager.deleteSite' => 'deleteSite',
+ 'Common.fetchWebsiteAttributes' => 'recordAdminUsersInCache',
);
}
+
+ /**
+ * Hooks when a website tracker cache is flushed (website/user updated, cache deleted, or empty cache)
+ * Will record in the tracker config file the list of Admin token_auth for this website. This
+ * will be used when the Tracking API is used with setIp(), setForceDateTime(), setVisitorId(), etc.
+ *
+ * @param Piwik_Event_Notification $notification
+ * @return void
+ */
+ function recordAdminUsersInCache($notification)
+ {
+ $idSite = $notification->getNotificationInfo();
+ // add the 'hosts' entry in the website array
+ $users = Piwik_UsersManager_API::getInstance()->getUsersWithSiteAccess($idSite, 'admin');
+
+ $tokens = array();
+ foreach($users as $user)
+ {
+ $tokens[] = $user['token_auth'];
+ }
+ $array =& $notification->getNotificationObject();
+ $array['admin_token_auth'] = $tokens;
+ }
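Review bot: The comment `// add the 'hosts' entry in the website array` does not match what the code below it does; the method writes the `admin_token_auth` entry, so it should read `// add the 'admin_token_auth' entry (token_auth of every user with admin access) to the website attributes`. Since these tokens are credentials that unlock the Tracking API overrides, the docblock should also state plainly that they are now persisted in the tracker cache file, so that file needs the same access restrictions as the config that holds the Super User credentials. The method is declared without a visibility keyword; `public function recordAdminUsersInCache($notification)` makes the hook's intended exposure explicit.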
+
/**
* Delete user preferences associated with a particular site
*