@anonymous-piwik-user opened this Issue on April 26th 2013

When the dashboard is included within an iframe the little sparkline graphs do not show because the token_auth GET parameter is not included in the image link. I can fix this by adding the token_auth parameter to the getUrlSparkline call:

$view->urlSparklineNbVisits = $this->getUrlSparkline( 'getEvolutionGraph', array('token_auth' => Piwik::getCurrentUserTokenAuth(), 'columns' => $view->displayUniqueVisitors ? array('nb_visits', 'nb_uniq_visitors') : array('nb_visits')));

@mattab commented on April 28th 2013 Owner

Good point, I guess the main controller should set the auth cookie for token_auth'ed request, then the Sparklines would have auth from the cookie. Not sure why it is not working already this way, there might be a reason...

@pebosi commented on May 27th 2013 Contributor

Same problem here.

Tried with this:

    static public function reloadAuthUsingTokenAuth($request = null)
    {
        // if a token_auth is specified in the API request, we load the right permissions
        $token_auth = Piwik_Common::getRequestVar('token_auth', '', 'string', $request);
        if ($token_auth) {
            Piwik_PostEvent('API.Request.authenticate', $token_auth);

############## ADDED
            $authCookieName = Piwik_Config::getInstance()->General['login_cookie_name'];
            $authCookieExpiry = 0;
            $authCookiePath = Piwik_Config::getInstance()->General['login_cookie_path'];
            $cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
            $auth = Zend_Registry::get('auth');

            $login = Piwik_FetchOne(
                'SELECT login
                FROM ' . Piwik_Common::prefixTable('user') . '
                                                                WHERE token_auth = ?',
                array($token_auth)
            );

            $cookie->set('login', $login);
            $cookie->set('token_auth', $auth->getHashTokenAuth($login, $token_auth));
            $cookie->setSecure(Piwik::isHttps());
            $cookie->setHttpOnly(true);
            $cookie->save();
############## ADDED END

            Zend_Registry::get('access')->reloadAccess();
            Piwik::raiseMemoryLimitIfNecessary();
        }
    }

But is this safe or is there a better place?

@mattab commented on January 10th 2014 Owner

This was fixed sometimes as it's working for me!

This Issue was closed on January 10th 2014
Powered by GitHub Issue Mirror