Graphs have no data when using token_auth (but tables have)!

Hello.

We have a quite strange problem. This is how our application is set up:

• We have a piwik server with several sites.
• We have a piwik user for each site, each user has “view” access to his own site, and no access to the other sites. Anonymous users have no access to any site.
• We have an application, that is deployed in several websites. There is a page in which we include a Piwik panel with statistics from this site. In the include url, we give the site id, and the token_auth of the user of this site, so our clients can’t view statistics of other sites.

The problem is that all the widgets that show graphs (lines, bars or pie charts) say “there is no data for this graph”. But widgets displayed as a table, they do actually show data! In fact, if we change the display mode of any widget, it’s the same: graphs have no data and tables have.

On the other side, if we give “view” access to the anonymous user, or if we log in as a administrator user in the piwik site in the same browser that we are viewing the application, all widget show their data without problems, both graphs and tables.

We have no clue of what is happening, nor what to check or how to make a workaround. Any help?

Many thanks!

i think the module “widgetize” no longer receives token_auth. See the feature request: dev.piwik.org/trac/ticket/283

Basically you have to wait. But it would be interesting for me to see if the staff will suggest any alternative approach to this question . +1

Thanks for the suggestion, I reopened the ticket: http://dev.piwik.org/trac/ticket/235 ; see my comment. token_auth should work for authenticating widgets requests. This will be fixed in the next release.

thanks for your quick reply. I dont know how to submit a patch but this is what I added in dev.piwik.org/trac/browser/trunk/pl…Login/Login.php
on line 68 to make it work with token_auth

        if(Piwik::getModule() === 'Widgetize')
        {
            $tokenAuthAPIInUrl = Piwik_Common::getRequestVar('token_auth', '', 'string');
            if( !empty($tokenAuthAPIInUrl))
            {
                $auth->setLogin($login = null);
                $auth->setTokenAuth($tokenAuthAPIInUrl);
                return;
            }
        }

Hello again. We have updated our server to Piwik 0.5.5, and it’s still not working. However, we have tried the patch from vnese, and it solves the problem! Thanks!

I have looked at Ticket #235, and see that matt has closed it as fixed. But I think it’s not. Perhaps it worked for him because when your are logged as admin to the piwik server, and test the widgets in another tab of the same browser, the widget inherits authentication from the first tab. This has confused us too, several times.

But we have a simple test that demonstrates what’s occuring. For example, we enter the following url in a browser different that the one we are managing piwik server:

(url_of_my_server)/index.php?module=Widgetize&action=iframe&columns[]=nb_visits&moduleToWidgetize=VisitsSummary&actionToWidgetize=getEvolutionGraph&token_auth=7a6f5fbcf68c2ac829a12b45d2f69314&idSite=30&period=week&date=yesterday&disableLink=1

Then, in the other browser, go to user configuration, open the site with id 30 and check permissions of the user with token 7a6f5fbcf68c2ac829a12b45d2f69314.

• If anonymous has view permission on the site, the widget works.
• If anonymous has no permissions on the site, the widget says no data. This is independent of the permissions of the other user.

But when I add the patch from vnese, then the widget shows data only if the user with that token has view permission on the site, now this is independent of the permissions of anonymous.

That is what we wanted.

Maybe Matt has been using the Admin (root) account’s token which works on every site. I wonder if he has created a new user, set the correct permission and uses the token which belongs to the user to test.

Btw, that s great if the patch works for you.

http://dev.piwik.org/trac/ticket/1260