@dropadrop opened this Issue on October 5th 2016

I'm importing historical data to Piwik through the tracking API, and after resetting to notice the auth_token changed on user password reset I spent quite a while wondering where my events were going.

With each event I also set the original time it was received, IP address and other location-related data. Setting these also requires providing the auth_token.

Current behaviour:
It seems that if the auth_token is provided but incorrect then the data is stored without the values requiring the auth token. No warnings are logged, calls receive status 200, so no visible indication that things are going sour.

Expected behaviour:
A clear indication that things are going wrong, IMO the events should not even be stored as providing a token_auth indicates that the party sending the event wants to be authenticated so you are either looking at storing wrong / partial data for a valid user or storing bogus data for an "attacker".

I'd say there are 3 possible solutions (or combination):

  1. Return an HTTP status different from 200. This would also have side effects as it could be used to try to figure out the auth_token (btw, better would be to use auth_token as a shared secret and use it as salt to hash a set of required parameters, then include the hash as a parameter)
  2. Behave like now but log a warning
  3. Log a warning and don't store the data

I'd think 3 would be the correct option. Generally when I'm calling the API I'm importing hundreds of thousands of events so cleaning out bad data becomes challenging, especially if I already have lots of valid data for the same site.

@mattab commented on November 12th 2016 Owner

Thanks @dropadrop for the report. In the Tracking API, when token_auth is invalid it would make sense to log a warning. Not sure about not storing the data at all... but it might be the more correct thing to do indeed. When storing partial data, the warning messages and data inaccuracies could be easily ignored... while no data tracked makes it easier to find the problem. If we don't track any data at all then we can also return HTTP status 401 Unauthorized.
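
The two behaviours discussed in this thread, side by side, as an added sketch that is not Piwik's own code and not written by either participant: `strict=False` models the reported silent partial store, `strict=True` models option 3 combined with the 401 response. The function names, the `PRIVILEGED` parameter set and the sample data are assumptions made for illustration.

```python
import hmac
import logging

log = logging.getLogger("tracking")

# Overrides that require token_auth (original time, IP address, location).
# Parameter names are assumed here for illustration.
PRIVILEGED = {"cdt", "cip", "country", "region", "city", "lat", "long"}


def token_is_valid(supplied, known_tokens):
    """Constant-time check of the supplied token against every known token."""
    ok = False
    for token in known_tokens:
        ok |= hmac.compare_digest(supplied.encode(), token.encode())
    return ok


def handle_request(params, known_tokens, strict=True):
    """Return (http_status, record_to_store or None)."""
    supplied = params.get("token_auth")
    record = {k: v for k, v in params.items() if k != "token_auth"}
    public = {k: v for k, v in record.items() if k not in PRIVILEGED}

    if supplied is None:
        return 200, public            # anonymous tracking, overrides ignored
    if token_is_valid(supplied, known_tokens):
        return 200, record            # authenticated, overrides honoured
    if not strict:
        return 200, public            # reported behaviour: silent partial store
    dropped = sorted(PRIVILEGED & record.keys())
    log.warning("invalid token_auth for idsite=%s; request rejected, "
                "overrides not applied: %s", params.get("idsite"), dropped)
    return 401, None                  # option 3 plus the 401 from the reply


# Constructed sample data, not real tokens or events.
TOKENS = ["a" * 32]
EVENT = {"idsite": "1", "url": "https://example.org/", "cip": "203.0.113.7",
         "cdt": "2016-10-01 12:00:00", "token_auth": "b" * 32}
```

A bulk importer can then stop on the first non-200 response instead of discovering the missing overrides after hundreds of thousands of events have been stored.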
