Opened 3 years ago

Closed 3 years ago

#2416 closed Bug (fixed)

After upgrading to 1.4, Live Plugin embeded as a widget causes user to be redirected to Piwik login screen

Reported by: jpasquier Owned by: matt
Priority: normal Milestone: 1.5 - Piwik 1.5
Component: Core Keywords: live widget
Cc: Sensitive: no

Description

I have embeded the Live Plugin as a widget (iframe) into an external website.
Since I have updated to the 1.4 version of Piwik, whenever a user enter on the page where the widget is embeded, he is redirected to the Piwik login screen with en error message "you cannot access this resource, a 'view' permission on site XX is required".

It seems that the problem comes from the controller of the Live plugin which makes calls to Piwik_API and Piwik_Live_API without having authenticated the user.

Here is a patch that ensures that the authentication token is used to authenticate user before starting to use the API.

Attachments (1)

live_plugin_token_auth_for_api_calls.patch (1005 bytes) - added by jpasquier 3 years ago.

Download all attachments as: .zip

Change History (6)

Changed 3 years ago by jpasquier

comment:1 Changed 3 years ago by matt (mattab)

Does it still work when the token auth is not passed, ie. in the normal dashboard?

comment:2 Changed 3 years ago by jpasquier

Yes, it does work.
If you are logged in Piwik and go to the page with the embedded widget, it works as well.

It seems that the problem comes from some functions in the Piwik_Live_API that check whether the user has view access to the site before doing anything.

comment:3 Changed 3 years ago by matt (mattab)

  • Milestone set to 1.5 - Piwik 1.5

OK Thanks for the patch, we'll try and commit it for the next release

comment:4 Changed 3 years ago by matt (mattab)

  • Owner set to matt

comment:5 Changed 3 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed

(In [4827]) Fixes #2416 - Kuddos jpasquier for the patch

Note: See TracTickets for help on using tickets.