-rw-r--r--config/global.ini.php4
-rw-r--r--core/Tracker.php19
-rw-r--r--libs/PiwikTracker/PiwikTracker.php11
3 files changed, 22 insertions, 12 deletions
diff --git a/config/global.ini.php b/config/global.ini.php
index 9d76c4be20..31b8beb8c5 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -494,6 +494,9 @@ page_maximum_length = 1024;
; TTL: Time to live for cache files, in seconds. Default to 5 minutes.
tracker_cache_file_ttl = 300
+; Whether Bulk tracking requests to the Tracking API requires the token_auth to be set.
+bulk_requests_require_authentication = 0
+
; DO NOT USE THIS SETTING ON PUBLICLY AVAILABLE PIWIK SERVER
; !!! Security risk: if set to 0, it would allow anyone to push data to Piwik with custom dates in the past/future and even with fake IPs!
; When using the Tracking API, to override either the datetime and/or the visitor IP,
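Review bot: The comment added for `bulk_requests_require_authentication` does not say what the shipped default of 0 exposes. The removed lines in core/Tracker.php show that a bulk request with no token_auth used to be rejected unconditionally, so this default relaxes existing behaviour. The neighbouring `tracking_requests_require_authentication` block carries an explicit security warning, and this setting has none. I would extend the comment along the lines of `; If set to 0 (default), anyone can send bulk tracking requests without a token_auth; set to 1 to require a token_auth with Admin permission on each idsite.`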
@@ -501,6 +504,7 @@ tracker_cache_file_ttl = 300
; DO NOT USE THIS SETTING ON PUBLIC PIWIK SERVERS
tracking_requests_require_authentication = 1
+
[Segments]
; Reports with segmentation in API requests are processed in real time.
; On high traffic websites it is recommended to pre-process the data
diff --git a/core/Tracker.php b/core/Tracker.php
index c84b3c0a13..5b11bda4f5 100644
--- a/core/Tracker.php
+++ b/core/Tracker.php
@@ -175,14 +175,21 @@ class Tracker
return array( $requests, $tokenAuth);
}
+ private function isBulkTrackingRequireTokenAuth()
+ {
+ return !empty(Config::getInstance()->Tracker['bulk_requests_require_authentication']);
+ }
+
private function authenticateBulkTrackingRequests($rawData)
{
list($this->requests, $tokenAuth) = $this->getRequestsArrayFromBulkRequest($rawData);
- if (empty($tokenAuth)) {
+ if($this->isBulkTrackingRequireTokenAuth()
+ && empty($tokenAuth)) {
throw new Exception( "token_auth must be specified when using Bulk Tracking Import. "
- ." See <a href='http://developer.piwik.org/api-reference/tracking-api'>Tracking Doc</a>");
+ ." See <a href='http://developer.piwik.org/api-reference/tracking-api'>Tracking Doc</a>");
}
+
if (!empty($this->requests)) {
foreach ($this->requests as &$request) {
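Review bot: `isBulkTrackingRequireTokenAuth()` fails open, because `!empty(...)` treats a missing key, an empty string and `0` alike as "authentication not required". A config that lacks the key therefore silently disables the token check in `authenticateBulkTrackingRequests()`. The helper has no docblock; one such as `/** @return bool true only when [Tracker] bulk_requests_require_authentication is non-empty; an absent key means not required */` would make that default explicit. The new `if($this->...` also drops the space after `if` that the surrounding code uses (`if (!empty($this->requests)) {`). The body of `authenticateBulkTrackingRequests()` continues outside this hunk.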
@@ -200,12 +207,10 @@ class Tracker
$requestObj = new Request($request, $tokenAuth);
$this->loadTrackerPlugins($requestObj);
- // a Bulk Tracking request that is not authenticated should fail
- if (!$requestObj->isAuthenticated()) {
- throw new Exception(sprintf("token_auth specified does not have Admin permission for idsite=%s",
- $requestObj->getIdSite()));
+ if($this->isBulkTrackingRequireTokenAuth()
+ && !$requestObj->isAuthenticated()) {
+ throw new Exception(sprintf("token_auth specified does not have Admin permission for idsite=%s", $requestObj->getIdSite()));
}
-
$request = $requestObj;
}
}
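Review bot: With the setting at 0, the new condition `$this->isBulkTrackingRequireTokenAuth() && !$requestObj->isAuthenticated()` also accepts a request whose client did send a token_auth that fails authentication, so a mistyped or under-privileged token is no longer reported. Consider still rejecting whenever a token was supplied: `if (($this->isBulkTrackingRequireTokenAuth() || !empty($tokenAuth)) && !$requestObj->isAuthenticated()) {`. Whether request fields that need authentication are still refused individually depends on `Request` code that is not visible here. The removed comment explaining the check has no replacement, and the helper's result is loop-invariant, so it could be read once before the `foreach`, which opens in the previous hunk.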
diff --git a/libs/PiwikTracker/PiwikTracker.php b/libs/PiwikTracker/PiwikTracker.php
index ba790c77b0..a62feb7a8b 100644
--- a/libs/PiwikTracker/PiwikTracker.php
+++ b/libs/PiwikTracker/PiwikTracker.php
@@ -627,15 +627,16 @@ class PiwikTracker
*/
public function doBulkTrack()
{
- if (empty($this->token_auth)) {
- throw new Exception("Token auth is required for bulk tracking.");
- }
-
if (empty($this->storedTrackingActions)) {
throw new Exception("Error: you must call the function doTrackPageView or doTrackGoal from this class, before calling this method doBulkTrack()");
}
- $data = array('requests' => $this->storedTrackingActions, 'token_auth' => $this->token_auth);
+ $data = array('requests' => $this->storedTrackingActions);
+
+ // token_auth is not required by default, except if bulk_requests_require_authentication=1
+ if(!empty($this->token_auth)) {
+ $data['token_auth'] = $this->token_auth;
+ }
$postData = json_encode($data);
$response = $this->sendRequest($this->getBaseUrl(), 'POST', $postData, $force = true);