Add a mechanism to remind users to rotate personal auth tokens #23172

Merged
merged 32 commits into from
Apr 14, 2025
Changes from 4 commits
Commits
dab3b6c
Add initial code for a mechanism to remind users to rotate personal a…
michalkleiner Mar 26, 2025
738b03c
Fix CS
michalkleiner Mar 26, 2025
e45fcf2
Adjust token provider interface, make it more reusable, adjust respon…
michalkleiner Mar 28, 2025
8860c8a
Mark class as final
michalkleiner Mar 28, 2025
7f0bf88
Add migration to create new column and bump core version
michalkleiner Mar 28, 2025
d279dd4
Rework responsibilities, abstract token notification for allow other …
michalkleiner Mar 31, 2025
a2ccb88
Merge branch '5.x-dev' into dev-18658
michalkleiner Mar 31, 2025
68fa801
Remove unnecessary use statement
michalkleiner Mar 31, 2025
2010972
Fix typo
michalkleiner Apr 4, 2025
17ed08b
Rename interfaces, classes and methods to better suit their intended …
michalkleiner Apr 4, 2025
1d938bd
Ensure TokenNotifierTask is scheduled
michalkleiner Apr 4, 2025
4dfe986
Merge branch '5.x-dev' into dev-18658
michalkleiner Apr 4, 2025
747f3b8
Correctly use array access instead of object access to db row data
michalkleiner Apr 4, 2025
8963a6e
Tweaks from further local testing
michalkleiner Apr 7, 2025
41b7800
Allow to disable auth token notifications
michalkleiner Apr 7, 2025
06cf8c2
Exclude system tokens
michalkleiner Apr 7, 2025
7953e0b
Add auth token notification email tests
michalkleiner Apr 7, 2025
e8cbaee
Merge branch '5.x-dev' into dev-18658
michalkleiner Apr 7, 2025
b195c3b
Fix CS
michalkleiner Apr 7, 2025
2f834d9
Add log info about number of notifications sent
michalkleiner Apr 8, 2025
edc40a6
Declare test fixture variable
michalkleiner Apr 8, 2025
d5867ef
Merge branch '5.x-dev' into dev-18658
michalkleiner Apr 8, 2025
35a037e
Use strings in Tokens fixture
michalkleiner Apr 9, 2025
c2f1050
Add ts_rotation_notified field to expected token test data
michalkleiner Apr 9, 2025
42f53e0
Update UI test screenshot
michalkleiner Apr 10, 2025
03ad180
Merge branch '5.x-dev' into dev-18658
michalkleiner Apr 10, 2025
61af2b3
Use DATETIME column type in migration
michalkleiner Apr 11, 2025
30bc5c4
Update Manage auth token link URL to behave correctly when task run f…
michalkleiner Apr 11, 2025
223943f
Exclude anonymous user default token from token notifications
michalkleiner Apr 11, 2025
791d191
Store current datetime when token notification sent
michalkleiner Apr 11, 2025
6ac11f1
Merge branch '5.x-dev' into dev-18658
michalkleiner Apr 11, 2025
4913893
Exclude anonymous user by login
michalkleiner Apr 11, 2025
7 changes: 4 additions & 3 deletions plugins/UsersManager/Emails/AuthTokenNotificationEmail.php
Expand Up @@ -13,6 +13,7 @@
use Piwik\Mail;
use Piwik\Piwik;
use Piwik\Plugins\UsersManager\TokenNotifications\TokenNotification;
use Piwik\SettingsPiwik;
use Piwik\Url;
use Piwik\View;

Expand Down Expand Up @@ -59,9 +60,9 @@ private function getRotationPeriodPretty(): string

protected function getManageAuthTokensLink(): string
{
return Url::getCurrentUrlWithoutQueryString()
. '?module=UsersManager'
. '&action=userSecurity'
return SettingsPiwik::getPiwikUrl()
. 'index.php?'
. Url::getQueryStringFromParameters(['module' => 'UsersManager', 'action' => 'userSecurity'])
. '#authtokens';
}
protected function getDefaultSubject(): string
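Review bot: the switch to `SettingsPiwik::getPiwikUrl()` is the right base for an e-mail link, since `Url::getCurrentUrlWithoutQueryString()` has no request to read when the notifier runs as a scheduled task from the command line, but the concatenation `. 'index.php?'` silently assumes the returned value is non-empty and ends in a slash. If the instance URL is empty in the running context, the e-mail will carry a host-less `index.php?module=UsersManager...` link. Suggest guarding on an empty base (log and omit the link rather than sending a broken one) and joining with `rtrim($base, '/') . '/index.php?'` so the result is slash-safe either way.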
8 changes: 5 additions & 3 deletions plugins/UsersManager/TokenNotificationProvider.php
Expand Up @@ -44,11 +44,13 @@ public function getTokenNotificationsForDispatch(): array
}

$db = Db::get();
$sql = "SELECT * FROM " . Common::prefixTable('user_token_auth')
$sql = "SELECT * FROM " . Common::prefixTable('user_token_auth') . " AS uta"
. " JOIN " . Common::prefixTable('user') . " AS u ON uta.login = u.login"
. " WHERE (date_expired is null or date_expired > ?)"
. " AND (date_created <= ?)"
. " AND ts_rotation_notified is null"
. " AND system_token = 0";
. " AND system_token = 0"
. " AND u.email != '[email protected]' AND u.invited_by IS NULL";

$tokensToNotify = $db->fetchAll($sql, [
$this->today,
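Review bot: excluding the anonymous user by comparing `u.email` to a literal address is brittle; the stable identifier is the login, which the later commit "Exclude anonymous user by login" in this series switches to, so that should land before merge. Three further points on the same query: after the new `JOIN ... AS u`, the filter columns `date_expired`, `date_created`, `ts_rotation_notified` and `system_token` are left unqualified, so prefix them with `uta.` now to avoid an ambiguous-column error if `user` ever gains a same-named column; `SELECT *` over the join now pulls every `user` column, including the stored password hash, into PHP for each token, whereas the notification only needs the token row plus the recipient login and email, so enumerate those columns explicitly; and the `u.invited_by IS NULL` condition deserves a one-line code comment stating that users with a pending invitation are intentionally skipped, since that intent is not obvious from the SQL.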
Expand All @@ -75,6 +77,6 @@ public function getTokenNotificationsForDispatch(): array

public function setTokenNotificationDispatched(string $tokenId): void
{
$this->userModel->setRotationNotificationWasSentForToken($tokenId, $this->today);
$this->userModel->setRotationNotificationWasSentForToken($tokenId, Date::factory('now')->getDatetime());
}
}
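Review bot: `Date::factory('now')` is introduced here but no `use Piwik\Date;` appears anywhere in this diff, so confirm the import already exists at the top of `TokenNotificationProvider.php`; otherwise the call fails at dispatch time, after `getTokenNotificationsForDispatch` has already selected tokens. Recording the actual send time rather than the cached `$this->today` is an improvement for auditing. Since the selection query above only tests `ts_rotation_notified is null`, the change from a date to a datetime does not alter which tokens are picked up, but a short docblock on `setTokenNotificationDispatched` stating that the column stores a full datetime, and in which timezone, would keep the two call sites from drifting apart later.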