token_auth problem on dashboard

Recently we’ve upgraded to the newest Piwik version(2.16.0) from a pretty old one(1.7). Since the upgrade token_auth url parameter seems to not be interpreted as before when accessing dashboard. We make a redirect from our site to Piwik specifying siteId, token_auth and some other params so that the user could see his statistics without the need of signing in Piwik too. Before it was working fine, but now we get an error message: “Error: You can’t access this resource as it requires an ‘view’ access for the website id = X”. The user data is actually loaded and we could see the user profile in Piwik so the token is good and used for some features. If we sign-in with that same user we could see the statistics, but with just the token_auth we cannot. Seems that when Piwik tries to load the widgets on dashboard, it doesn’t include the token_auth for them and it doesn’t interpret token_auth as real authentication.

Does someone know if it’s a bug or there is some new configuration I need to do(or something else)?

Thanks in advance!

Do you youse the logme feature? Currently, it doesn’t work for super users.

We don’t use logme feature.
I have found out the problem. In broadcast.js the function which returns the default POST parameters is overriden, so when widgets are loaded token_auth is not included.

In ajaxHelper.js we have the function:

this._getDefaultPostParams = function () {
    return {
          token_auth: piwik.token_auth

and in broadcast.js(line 491):

var ajax = new ajaxHelper();
ajax._getDefaultPostParams = function () {
    return {};

So when you remove the overriden version of _getDefaultPostParams in broadcast.js, it works good.

Hi there,
Can you please create a bug report on our tracker Issues · matomo-org/piwik · GitHub
and include there the list of steps to reproduce the issue? So far we haven’t heard of this problem. Also please make sure all your Piwik files are correctly uploaded.