From 193a9bb8b13bfdce69731181d3dad102f7e14f6b Mon Sep 17 00:00:00 2001
From: Stefan Giehl <stefan@piwik.org>
Date: Tue, 3 Jan 2017 21:28:29 +0100
Subject: [PATCH] Always send token_auth for POST requests done in widgetize
 mode (#11135)

* adds UI test

* always send token_auth for requests done in widgetize mode

* adds correct screenshot for UI test

* adds ui test with invalid token
---
 .../angularjs/common/services/piwik-api.js    |   6 +++++-
 .../widget-loader/widgetloader.directive.js   |   4 ++++
 plugins/Morpheus/javascripts/ajaxHelper.js    |   6 +++++-
 .../Dashboard_invalid_token_auth.png          | Bin 0 -> 130 bytes
 .../Dashboard_loaded_token_auth.png           | Bin 0 -> 131 bytes
 tests/UI/specs/Dashboard_spec.js              |  20 ++++++++++++++++++
 6 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 tests/UI/expected-screenshots/Dashboard_invalid_token_auth.png
 create mode 100644 tests/UI/expected-screenshots/Dashboard_loaded_token_auth.png

diff --git a/plugins/CoreHome/angularjs/common/services/piwik-api.js b/plugins/CoreHome/angularjs/common/services/piwik-api.js
index ab546a7693..67f9756f4f 100644
--- a/plugins/CoreHome/angularjs/common/services/piwik-api.js
+++ b/plugins/CoreHome/angularjs/common/services/piwik-api.js
@@ -47,6 +47,10 @@ var hasBlockedContent = false;
             return getParams && getParams['module'] === 'API' && getParams['method'];
         }
 
+        function isWidgetizedRequest() {
+            return (broadcast.getValueFromUrl('module') == 'Widgetize');
+        }
+
         function reset () {
             getParams  = {};
             postParams = {};
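Review bot: `isWidgetizedRequest` compares with loose `==` while `isRequestToApiMethod` directly above it uses `===`; use strict equality for consistency, `return broadcast.getValueFromUrl('module') === 'Widgetize';`. The helper also decides from the page URL rather than from the request being built, which is not obvious from its name, so a one-line comment would help, e.g. `// true when the whole page runs in Widgetize mode (module=Widgetize in the browser URL), not per request`. Why a widgetized page needs the token on every POST is presumably that such pages are authenticated by the token_auth in the embed URL rather than a session — confirm and state it in the comment.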
@@ -176,7 +180,7 @@ var hasBlockedContent = false;
          * @private
          */
         function getPostParams (params) {
-            if (isRequestToApiMethod()) {
+            if (isRequestToApiMethod() || isWidgetizedRequest()) {
                 params.token_auth = piwik.token_auth;
             }
 
diff --git a/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js b/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
index 0115b73715..f3d5317b7b 100644
--- a/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
+++ b/plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
@@ -96,6 +96,10 @@
                             url += '&showtitle=1';
                         }
 
+                        if (broadcast.getValueFromUrl('module') == 'Widgetize' && broadcast.getValueFromUrl('token_auth')) {
+                            url += '&token_auth=' + broadcast.getValueFromUrl('token_auth');
+                        }
+
                         url += '&random=' + parseInt(Math.random() * 10000);
 
                         return '?' + url;
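Review bot: The added line concatenates the raw `token_auth` value into the widget URL, so the secret travels in a GET query string where it can end up in server logs, browser history and Referer headers, and it is not encoded either. The rest of this patch moves the token into POST bodies to avoid exactly that exposure, so if this URL really must carry it the line should at least be `url += '&token_auth=' + encodeURIComponent(broadcast.getValueFromUrl('token_auth'));` with a comment explaining why the POST path does not cover widget loading. Whether `getValueFromUrl` returns a decoded value is not visible here; if it returns the still-encoded substring, encoding again would double-encode, so confirm before changing. The `==` should also be `===`. The enclosing function starts outside the hunk.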
diff --git a/plugins/Morpheus/javascripts/ajaxHelper.js b/plugins/Morpheus/javascripts/ajaxHelper.js
index 4cc1ac823e..e93c7a82e7 100644
--- a/plugins/Morpheus/javascripts/ajaxHelper.js
+++ b/plugins/Morpheus/javascripts/ajaxHelper.js
@@ -481,8 +481,12 @@ function ajaxHelper() {
                (this.postParams && this.postParams['module'] === 'API' && this.postParams['method']);
     };
 
+    this._isWidgetizedRequest = function () {
+        return (broadcast.getValueFromUrl('module') == 'Widgetize');
+    };
+
     this._getDefaultPostParams = function () {
-        if (this.withToken || this._isRequestToApiMethod()) {
+        if (this.withToken || this._isRequestToApiMethod() || this._isWidgetizedRequest()) {
             return {
                 token_auth: piwik.token_auth
             };
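Review bot: `_isWidgetizedRequest` uses loose `==` whereas `_isRequestToApiMethod` just above it uses `===` (visible in the `this.postParams['module'] === 'API'` context line); use `return (broadcast.getValueFromUrl('module') === 'Widgetize');`. Since the check keys on the page URL and not on the request's own parameters, every POST issued from a widgetized page now carries `piwik.token_auth` regardless of its target module; that looks intended, but the helper deserves a comment saying so, e.g. `// page-level check: in Widgetize mode every POST is sent with token_auth`. `_getDefaultPostParams` continues past the end of the hunk.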
diff --git a/tests/UI/expected-screenshots/Dashboard_invalid_token_auth.png b/tests/UI/expected-screenshots/Dashboard_invalid_token_auth.png
new file mode 100644
index 0000000000000000000000000000000000000000..065744e5ba962dbc389441ead75272220c00d65b
GIT binary patch
literal 130
zcmXR*Eh^5;&r`@KDJdwn($`PVEYZzLE7nWTEXgQM(o4?I)h{kcP1Y|n<jT)XQ7Fzx
zG%_`_vP`uwG&VIdFi5gUF-$g2O-nLQGqSWuH8(d%GcYx_G&is`v@o(TNwQ2!woFb*
hHZrs{OG+_GGqki!G&fJP<SNdrN>wm6HncF~0szdrCjkHe

literal 0
HcmV?d00001

diff --git a/tests/UI/expected-screenshots/Dashboard_loaded_token_auth.png b/tests/UI/expected-screenshots/Dashboard_loaded_token_auth.png
new file mode 100644
index 0000000000000000000000000000000000000000..6a923dff35dbef9ad7a3d2af15c4a2e480e6e6e6
GIT binary patch
literal 131
zcmXR*Eh^5;&r`@KDJdwn($`PVEYZzLE7nWTEXgQM(o4?I)h{kcP1Y|n<jT)XQ7Fzx
zG%_`_N=z{_Pcbwxw=_;oOR_LGHcd&iv`jWLG%zqROg0D0rkR?VCMFwNBwD0eS{f&r
fB&V61BqbT7niwRS7;qJ5R;4PK8k?9|8gl^v7Az;u

literal 0
HcmV?d00001

diff --git a/tests/UI/specs/Dashboard_spec.js b/tests/UI/specs/Dashboard_spec.js
index 0c4f28f080..f647bdab68 100644
--- a/tests/UI/specs/Dashboard_spec.js
+++ b/tests/UI/specs/Dashboard_spec.js
@@ -223,4 +223,24 @@ describe("Dashboard", function () {
         }, done);
     });
 
+    it("should load correctly with token_auth", function (done) {
+        testEnvironment.testUseMockAuth = 0;
+        testEnvironment.save();
+
+        expect.screenshot("loaded_token_auth").to.be.capture(function (page) {
+            var tokenAuth = "9ad1de7f8b329ab919d854c556f860c1";
+            page.load(url.replace("idDashboard=5", "idDashboard=1") + '&token_auth=' + tokenAuth, 5000);
+        }, done);
+    });
+
+    it("should fail to load with invalid token_auth", function (done) {
+        testEnvironment.testUseMockAuth = 0;
+        testEnvironment.save();
+
+        expect.screenshot("invalid_token_auth").to.be.capture(function (page) {
+            var tokenAuth = "anyInvalidToken";
+            page.load(url.replace("idDashboard=5", "idDashboard=1") + '&token_auth=' + tokenAuth, 5000);
+        }, done);
+    });
+
 });
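Review bot: Both new tests set `testEnvironment.testUseMockAuth = 0` and call `save()` but never restore the previous value; if that saved environment persists across specs (which the `save()` call suggests), later tests may silently run without mock auth. A teardown such as `after(function () { delete testEnvironment.testUseMockAuth; testEnvironment.save(); });` inside the describe would make the tests self-contained — confirm against how other specs reset the environment. The literal `9ad1de7f8b329ab919d854c556f860c1` should also get a comment naming which fixture user it belongs to, and the invalid-token case relies solely on a screenshot match, so an explicit assertion that no dashboard widgets are rendered would make the failure mode clearer. `url` is defined outside the hunk.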
-- 
GitLab