Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Archive cronjob core:archive should run when Piwik is using a different Login plugin (eg LoginHttpAuth) #5012

Closed
tassoman opened this issue Apr 17, 2014 · 12 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc. worksforme The issue cannot be reproduced and things work as intended.
Milestone

Comments

@tassoman
Copy link
Contributor

Well, I've overrided Login core plugin writing a custom authentication plugin following LoginHttpAuth plugin example, because of our Identity Manager.

Invoking "php console core:archive --url" command, we got the following error:

INFO CoreConsole[2014-04-17 11:20:08] [25984] START
INFO CoreConsole[2014-04-17 11:20:08] [25984] Starting Piwik reports archiving...
INFO CoreConsole[2014-04-17 11:20:09] [25984] ERROR: Got invalid response from API request: http://vmdev.local/piwik/index.php?module=API&method=API.get&idSite=1&period=day&date=last3&format=php&token_auth=7917f2596f8bb70c954893f200ba6274&trigger=archivephp. Response was 'a:2:{s:6:"result";s:5:"error";s:7:"message";s:126:"Non puoi accedere alla risorsa richiesta perch  necessario essere autorizzati per l'accesso 'view' per il sito con id = 1.";}'
INFO CoreConsole[2014-04-17 11:20:09] [25984] WARNING: Empty or invalid response '' for website id 1, Time elapsed: 0.465s, skipping
INFO CoreConsole[2014-04-17 11:20:09] [25984] Done archiving!

The italian text shortly says: "you haven't 'view' privilege on site id=1", but crontab ran as Super User (full log attached)

In the Login plugin's description cell (in plugins page) I can read: "Login Authentication plugin, _reading the credentials from the config/config.ini.php file for the initial Super User, and from the Database for the other users. Can be easily replaced to introduce a new Authentication mechanism (OpenID, htaccess, custom Auth, etc.)."_

Well, looks like my new authentication plugin can't read superuser credentials from the config.ini.php and looks for first superuser into db but when it's found, this user have any 'view' right on sites profiles because he's superuser status.

I've tried to investigate misc/cron/archive.sh source code and I found a notice saying to use archive.php instead.

Inside archive.php I've also found a notice saying: "this script is deprecated in favor of console command".

A full archive.log is attached to this message
Keywords: archive, cron, login, plugin

@tassoman
Copy link
Contributor Author

Attachment: Full archive.log output
archive.log

@tassoman
Copy link
Contributor Author

Being in ssh shell I got a InvalidArgumentException when I tried to run a 'php console core:archive" command on a "latest.zip" Piwik installation downloaded from website.

Looks like Composer is a requirement if you try to run 'php console' and needs also 'composer update' at first run.

@mattab
Copy link
Member

mattab commented Apr 27, 2014

@tassoman can you please create separate ticket for this console / composer bug?

@mattab
Copy link
Member

mattab commented Apr 27, 2014

Thanks for the bug report!

@tassoman
Copy link
Contributor Author

@mattab I've managed to run a flawless new git cloned installation from master branch, then at first run I've got a webpage saying to run composer install.
Then after finished the webpage installation I've run flawless the core:archive command (while Login Plugin is in), so the problem with php console and composer has gone.

@mattab
Copy link
Member

mattab commented Apr 28, 2014

Good, so I'll look at the original bug with HttpLoginAuth and core:archive at some point.

@tassoman
Copy link
Contributor Author

tassoman commented May 5, 2014

Well, I've manually tested against the API call that produces error:

http://vmdev.local/piwik/index.php?module=API&method=API.get&idSite=1&period=day&date=last2&format=php&token_auth=7917f2596f8bb70c954893f200ba6274&trigger=archivephp

Getting the url using a browser (with my custom plugin enabled, Login disabled) the answer is:

a:2:{s:10:"2014-05-04";a:26:{s:16:"nb_uniq_visitors";i:0;s:9:"nb_visits";i:0;s:10:"nb_actions";i:0;s:20:"nb_actions_per_visit";i:0;s:11:"bounce_rate";i:0;s:16:"avg_time_on_site";i:0;s:11:"max_actions";i:0;s:19:"nb_visits_returning";i:0;s:20:"nb_actions_returning";i:0;s:26:"avg_time_on_site_returning";i:0;s:21:"bounce_rate_returning";i:0;s:30:"nb_actions_per_visit_returning";i:0;s:26:"nb_uniq_visitors_returning";i:0;s:14:"nb_conversions";i:0;s:19:"nb_visits_converted";i:0;s:15:"conversion_rate";i:0;s:7:"revenue";i:0;s:12:"nb_pageviews";i:0;s:17:"nb_uniq_pageviews";i:0;s:12:"nb_downloads";i:0;s:17:"nb_uniq_downloads";i:0;s:11:"nb_outlinks";i:0;s:16:"nb_uniq_outlinks";i:0;s:11:"nb_searches";i:0;s:11:"nb_keywords";i:0;s:19:"avg_time_generation";i:0;}s:10:"2014-05-05";a:26:{s:16:"nb_uniq_visitors";i:0;s:9:"nb_visits";i:0;s:10:"nb_actions";i:0;s:20:"nb_actions_per_visit";i:0;s:11:"bounce_rate";i:0;s:16:"avg_time_on_site";i:0;s:11:"max_actions";i:0;s:19:"nb_visits_returning";i:0;s:20:"nb_actions_returning";i:0;s:26:"avg_time_on_site_returning";i:0;s:21:"bounce_rate_returning";i:0;s:30:"nb_actions_per_visit_returning";i:0;s:26:"nb_uniq_visitors_returning";i:0;s:14:"nb_conversions";i:0;s:19:"nb_visits_converted";i:0;s:15:"conversion_rate";i:0;s:7:"revenue";i:0;s:12:"nb_pageviews";i:0;s:17:"nb_uniq_pageviews";i:0;s:12:"nb_downloads";i:0;s:17:"nb_uniq_downloads";i:0;s:11:"nb_outlinks";i:0;s:16:"nb_uniq_outlinks";i:0;s:11:"nb_searches";i:0;s:11:"nb_keywords";i:0;s:19:"avg_time_generation";i:0;}}

While getting the url being in shell using wget, the answer is:

a:2:{s:6:"result";s:5:"error";s:7:"message";s:86:"You can't access this resource as it requires an 'view' access for the website id = 1.";}

So using a browser does a flawless authentication but in console authentication fails because relies on 'view' privilege.

Note: the token_auth belongs to 'admin' user

@mattab
Copy link
Member

mattab commented May 6, 2014

I've installed and enabled LoginHttpAuth plugin, and then executed console core:archive. It's working for me.

If you still have problem with 2.2.1-rc3 (or git) then please send me access to SSH to your piwik code files, as I would like to reproduce and fix it

@tassoman
Copy link
Contributor Author

tassoman commented May 6, 2014

I've found you on bitbucket.org with exact username, related to piwik teams so I've added to a my private repository dedicated to this project.
You could add the repo as a submodule of a fresh git installation.
Thank you so much in advance for helping.

@mattab
Copy link
Member

mattab commented May 6, 2014

I will try take a look, but it will take some time...

In the meantime, maybe you could look at the LoginLdap plugin source code, I've recently modified it to make the code as small as possible (LoginLdap will call functions from Login plugin, and LoginLdap controller extends from Login controller)

Maybe if you use same concept it would work?

@tassoman
Copy link
Contributor Author

tassoman commented May 7, 2014

Thank you very much for this hint. I've been inspired by your code and I've discovered token_auth weren't implemented in my plugin. Then I was relying on REMOTE_ADDR $_SERVER variable that isn't available being in console so I forced it to 0.0.0.0 when is unset (cli mode).

So you can close this "support request" not really being a "bug report".

@mattab
Copy link
Member

mattab commented May 8, 2014

Good news that your plugin now works!

@tassoman tassoman added this to the 2.3.0 - Piwik 2.3.0 milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc. worksforme The issue cannot be reproduced and things work as intended.
Projects
None yet
Development

No branches or pull requests

2 participants