matomo
matomo copied to clipboard
matomo-org
[Bug] Installation can be continued with missing database privileges
What happened?
Installed Matomo on a develolment laptop and received an Access Denied error on the dashboard for the VisitFrequency plugin
What should happen?
The system check should gives some information about the datbase user not being granted the create permission.
How can this be reproduced?
Create a new database user and do not grant them the Create permission and install Matomo using the new database user.
Matomo version
5.1.0-b1
PHP version
8.1.2
Server operating system
Ubuntu 22.04.1 LTS
What browsers are you seeing the problem on?
Chrome
Computer operating system
Ubuntu 22.04.1 LTS
Relevant log output
No response
Validations
- [X] Read our Contributing Guidelines.
- [X] Follow our Security Policy.
- [X] Check that there isn't already an issue that reports the same bug to avoid creating duplicates.
- [X] The provided steps to reproduce is a minimal reproducible of the Bug.
Hi @textagroup, can you please provide some more information on how you installed Matomo? Did you went through the standard installation process and that worked and then it showed the error on the dashboard? I would expect the installation process to fail earlier if it couldn't create the db tables.
The installation should already fail when your user doesn't have the CREATE TABLE permission. Also Matomo already has a check for CREATE TEMPORARY TABLE. And I guess this implies CREATE TABLE
I have just reinstalled Matomo again to try and replicate the issue with a DB user who does not have the "CREATE TEMPORARY TABLES" permission. I am not able to replicate the issue which could have been related to how I installed it initially.
One thing I did notice is that the alert for the necesary database permissions does not appear when selecting the MYSQLI (video attached) adapter however it does seem to work correctly. Screencast from 10-05-24 09:23:15.webm
@textagroup The installation checks for all permissions that are required for using Matomo. But the CREATE TEMPORARY TABLE privilege isn't required for the installation. It will be required for being able to run archiving later.
But it should indeed not be the case, that you can simply continue with missing privileges, so that is something we might need to check in detail.
@sgiehl The validateOwner method in FormDatabaseSetup expects an exception to be thrown when running the requiredPrivileges SQL statements. The MYSQLI adapter does not throw an exception but returns -1 instead. The following PR resolves this and the video below is of the testing that I performed. checkSqlReturn.webm