Opened 4 years ago

Closed 2 years ago

Last modified 6 months ago

#1353 closed Bug (fixed)

Dashboard & Sparklines should work when embedded with token_auth

Reported by: matt Owned by:
Priority: critical Milestone: Piwik 1.8
Component: Core Keywords:
Cc: Sensitive: no

Description (last modified by matt)

Bugs/limitations in "Widgets/Embed" feature:

  • Sparklines don't work in embedded reports containing sparklines
    • the token_auth parameter is not set in the sparkline URL
    • AND token_auth won't actually authenticate the sparkline

Report in http://forum.piwik.org/read.php?2,84098


See other report in duplicated #2451

See also related feature request #283

Attachments (2)

live_plugin_with_token_forwarding.pacth (1.9 KB) - added by jpasquier 3 years ago.
fix.patch (250 bytes) - added by windmaker 2 years ago.

Download all attachments as: .zip

Change History (30)

comment:2 Changed 4 years ago by matt (mattab)

  • Description modified (diff)

comment:3 Changed 4 years ago by matt (mattab)

  • Milestone changed from 0 - Piwik 0.6.5 to 4 - Piwik 1.0 - Stable release
  • Priority changed from normal to low

comment:4 Changed 4 years ago by matt (mattab)

  • Summary changed from Dashboard embed doesn't work with token_auth to Dashboard and Live! widget embed doesn't work with token_auth

comment:5 Changed 4 years ago by matt (mattab)

Also, embed widgets switch to Graph (Pie or vertical bar) always show "No data for this graph" while tag clouds and table work.

Probably token_auth not forwarded correctly or something similar..

comment:6 Changed 4 years ago by matt (mattab)

(In [2875]) Refs #1353 Switching to display graph now work

comment:7 Changed 4 years ago by matt (mattab)

  • Milestone changed from 4 - Piwik 1.0 - Stable release to 5 - Piwik 1.1

comment:8 Changed 3 years ago by matt (mattab)

  • Milestone changed from 1.2 Piwik 1.2 to Feature requests

comment:9 Changed 3 years ago by jpasquier

Here is a patch that forward the token_auth to the Live widget.

With this patch AJAX calls made from the Live widget are made with the token_auth parameter.

This allows embedding the Live widget into a page without having to grant anonymous view permission.

Changed 3 years ago by jpasquier

comment:10 Changed 3 years ago by bronco

Is this problem just about some widgets? I think the token_auth function is generally not working and not only a widget here and there. In my case it is absolutly important, because I include Piwik in my project as a suubstantial part and I think the developers outside won't include Piwik, if the option to include Piwik as a part of their services isn't working. So I really hope that this fdeature will be fixed in the near future.

comment:11 Changed 3 years ago by vipsoft (robocoder)

The Live widget can be fixed.

The Dashboard isn't a widget, and wasn't designed to be embedded outside of Piwik.

comment:12 Changed 3 years ago by matt (mattab)

  • Summary changed from Dashboard and Live! widget embed doesn't work with token_auth to Dashboard doesn't work when embedded with token_auth

jpasquier, thanks for your patch. I created a ticket at: #2068

bronco, all widgets should work with token_auth except Live and Dashboard. Let us know if you have issues.

vipsoft, Dashboard is not a widget, but because we display the link to the embeddable dashboard in the Widgets page, users might expect it to work with token_auth. This is low priority though (in particular, fixing Live! to work with token_auth is more important)

comment:13 Changed 3 years ago by matt (mattab)

  • Description modified (diff)
  • Summary changed from Dashboard doesn't work when embedded with token_auth to Dashboard and Table goal icon don't work when embedded with token_auth

comment:14 Changed 3 years ago by bronco

Hello vipsoft,

I think I have to disagree. The dashboard is maybe not a widget but it has the potential to grow the usability of piwik.

I work on a project where users can create domains and organise them as well. One of the parts of the service is the own piwik user tracker similar to google. I try to make it easy as possible for the webmaster to do his business. So he see on the domain node all his informations included under several tabs. Also the piwik dashboard is a tab for easy using.

I can't tell the webmaster hey sorry I can't make it easy to show you your personal domain user data and statistics you have to klick -> piwik autologin(for easy login) -> landing on the website overview -> choose there your domain.???

I think in my personal opinion piwik is made for webmaster and I also think they got enough work to do so why should I make it more complicated then nessesary??

I mean Piwik is great absolutely but this small feature that auth tokens should just work enhances the flexibility,usability of piwik and for the user of piwik the webmaster.

This thread has now his age to make a desicion what should happen with this request? Maybe others would also like to include piwik in his programms but they can't of this security bug.

I hope really you could understand my point of view and tell me that u will try to spend a little time on that. I can't believe that this is really a big problem? Or can you offer a secure workaround to make it work?

best wishes bronco

comment:15 Changed 3 years ago by matt (mattab)

  • Milestone changed from Feature requests to 1.6 Piwik 1.6

bronco, according to our no bug policy we should indeed fix this issue, my bad. Increasing priority...

comment:16 Changed 3 years ago by bronco

Thx matt for your obligation in this case.

comment:17 Changed 3 years ago by bronco

By the way this bug http://dev.piwik.org/trac/ticket/2058 is also still open and hopefully gets included in the next updates.

comment:18 Changed 2 years ago by matt (mattab)

  • Description modified (diff)
  • Summary changed from Dashboard and Table goal icon don't work when embedded with token_auth to Sparklines, Dashboard, Table goal icon don't work when embedded with token_auth

comment:19 Changed 2 years ago by jackharp

We are also experiencing this problem, and would love a resolution or patch if possible. Just adding this entry in the hopes of adding weight to the issue.

comment:20 Changed 2 years ago by matt (mattab)

  • Milestone changed from 1.8 Piwik 1.8 to 1.7 Piwik 1.7

comment:21 Changed 2 years ago by felixbachman

Also, in the "Evolution over the last days graph" the selection icon of which values to show doesn't work as a widget also. Same issue, it redirects to the login screen. It would be REALLY nice to fix this since these token_auth issues are unresolved since a long time.

comment:22 Changed 2 years ago by matt (mattab)

  • Priority changed from low to major

Should be fixed asap now that we have an amazing Dashboard to embed thanks to Stefan great new feature!!

comment:23 Changed 2 years ago by windmaker

my fast and dirty fix for graphs of "Evolution graphs" (and others..) is :

File : piwik/plugins/API/API.php

#line 91 aprox.

Replace:

return self::$instance;

for

Piwik_API_Request::reloadAuthUsingTokenAuth(@$_GET);
		return self::$instance;

I Attachment the patch in need case

Changed 2 years ago by windmaker

comment:24 Changed 2 years ago by matt (mattab)

  • Milestone changed from 1.7.x - Piwik 1.7.x to 1.7.2 - Piwik 1.7.2

comment:25 Changed 2 years ago by matt (mattab)

(In [6312]) refs #3011, refs #1353
Embed dashboard now works with token_auth, it is also possible to create new dashboards, change layout, and add any widget.
the sparklines also work.

Known bug:

  • The graph metrics picker does not display on hover for unknown reason in embed dashboard

comment:26 Changed 2 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed

Looks like it's finally working, very nice ;)

comment:27 Changed 2 years ago by matt (mattab)

  • Priority changed from major to critical
  • Summary changed from Sparklines, Dashboard, Table goal icon don't work when embedded with token_auth to Dashboard & Sparklines should work when embedded with token_auth

comment:28 Changed 6 months ago by matt (mattab)

It seems the token_auth is not forwarded to the sparklines inside the widgets. See #4264

Note: See TracTickets for help on using tickets.