API for token_auth


#1

[Post is adaption of a post in lists.typo3.org/projects/piwik]
Hi,

it’s just going forward with mobile app support for TYPO3 Piwikintegration.
Currently there is a problem with generation the authTokens, as
Piwik.org seems to have a static relation between username / password
and token!

 Out of piwik/plugins/UsersManager/API.php
/**
 * Generates a unique MD5 for the given login & password
 *
 * @param string Login
 * @param string MD5ied string of the password
 */
public function getTokenAuth($userLogin, $md5Password)
{
	if(strlen($md5Password) != 32)
	{
		throw new Exception(Piwik_TranslateException
		   ('UsersManager_ExceptionPasswordMD5HashExpected'));
	}
	return md5($userLogin . $md5Password );
}

This collides with the current idea of a complete independent API Key. (As the apikey field in the db could be calculated automatically …)
You can set the API code manually to the above value to enable mobile
Apps in the SVN version on [1].

Piwik should check wether the given username/password is correct
and return the correct API Key.

Additionally i would like to have a function getNewTokenAuth(…) for generating a new random API key.

PS: Until this works, you may use the webinterface (what i would always
prefer over an app) - which is not optimized for mobile devices.

Steps:

  • enable TYPO3Login
  • enable TYPO3Menu
  • enable TYPO3Widgets
  • disable Login Plugin

SVN:
[1] Overview - Piwikintegration in TYPO3 - TYPO3 Forge

Best regards
Kay