Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Detect if tracking request needs authentication but is not authenticated as early as possible before doing any DB connection ideally #14801
In https://github.com/matomo-org/matomo/blob/3.12.0-b1/core/Tracker/Visit.php#L123 we already check early whether the site exists before doing any "work".
The same way we should check if a tracking API parameter is used that requires authentication very early in the request (after the site request). We're wanting to this for tracking API request parameters where we know the request would fail otherwise.
We're wanting to do this after
If any of them are set, and request is not authenticated, we fail right away. The tracking failure should be still logged which is done in
For the location tracking parameters we would throw an exception like in
We probably don't need any tests for this as behaviour should just stay the same. need to make sure though (eg manually) that when using one of those parameters, and we are not authenticated with token_auth that a tracking failure is triggered