Pull Request for Issue # .
This Pull Request (PR) solves the following issues with database checks when doing a new installation of Joomla 4 (Joomla 3 doesn't have these issues):
With this PR, all checks of database connection parameters before connecting, the connection test and then the checks after connection (version number and encryption support and status) are done at all necessary places in both setup model and database model. This might look redundant at the first look, but it makes sure that during a normal setup we detect problems at the earliest possible stage and still are waterproof for the case that some CLI installer directly uses the database model.
In Joomla 3, the first issue is not an issue because there we don't have separate version requirements by the CMS which are more restrictive than those of the database drivers, and these are already checked at all places.
The second and third issues are not relevant for Joomla 3 because there are no database connection parameters checks in the setup model, they are all at one place in the database model, and creating a new database works only for MySQLi anyway.
It needs tests with MySQL and with PostgreSQL databases; for details see below.
Testers please report back which kind of database you have used for the test. If you have both, please test both.
We can better count then if we have enough tests for both kinds of databases.
For the tests "Test 1" and "Test 2" you need a database server with a version which does not fulfill the CMS' requirement on the minimum server version, which are:
In case you don't have such an old database server, instructions on how to patch the CMS requirement are given at the beginning of each of these two tests.
In addition it needs a PDO database client for tests "Test 1" and "Test 2" so you can use "MySQL (PDO)" or "PostgreSQL (PDO)".
For the tests "Test 3" and "Test 4" you either need a database server on a remote host, or if you don't have that and have only a local database, make sure that your computer can be accessed with TCP/IP using something else than "localhost" or "127.0.0.1" or "::1", i.e. with some host name. You can add an entry to your local hosts file ("/etc/hosts" on Linux and "C:\Windows\System32\drivers\etc\hosts" on Windows) so that e.g. "myfancyhostname" resolves to "127.0.0.1", and use "myfancyhostname" for the installation.
"Test 3", "Test 4" and "Test 5" can be done with any kind of database server and client.
Result: There is an empty database with this name.
joomla-cms/installation/src/Helper/DatabaseHelper.php
Lines 29 to 54 in ef07cb9
Result: There is no empty database with this name.
Note: If you execute this test after the previous one you have to make sure all session data is cleared, i.e. either delete the session cookie or close the browser window and open a new one.
As the title of this test says: Try to fool the installation's database checks on a current 4.0-dev or latest 4.0 nightly build with the patch of this PR applied.
If possible, test with all available database types.
Enter first wrong things, then correct and continue, or enter again other wrong things, like wrong username or password or a not existing database without the user having permissions to create one, or invalid database names e.g. with not allowed special characters, whatever comes into your mind.
Especially in case of the MySQLi driver, error messages are sometimes not very enlightening, but there are some in any case, and you always come back to the form so you can correct your entries and try again.
Make sure that at the end, when you have corrected everything in the form after the nth attempt so that all is right, you can finish the installation with success.
None.
Status | New | ⇒ | Pending |
Category | ⇒ | Installation |
@SniperSister @zero-24 Since people seem to be reluctant to test this PR: Maybe we can delegate testing to the SST?
I followed your instructions and in general: Yes it is working. The database is created after everything else. The security step comes before the failing authentication.
But I have another problem. When I click "Install Joomla", the message "Error The installation process failed." appears. After a second click: "Error JINVALID_TOKEN_NOTICE" and finally a third click brings up "Error You need MariaDB 10.5 or higher to continue the installation. Your version is: 10.4.6-MariaDB". At least without the patch. I don't receive the last message with the patch. Only the first message again.
Is my test successful now and this problem is out of scope for this patch? I freshly cloned and installed everything before testing this patch.
dbserver: mysql
dbversion: 10.4.6-MariaDB
phpversion: 7.3.9
server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.9
version: Joomla! 4.0.0-beta2-dev Development [ Mañana ] 30-May-2020 21:13 GMT
useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
@fancyFranci I would say it is out of scope of this PR. No idea what's happening. Only thing maybe could be that if you do a test of this PR soon after a previous test of this PR, still using the same browser session, the installation may use old session data stored in the session cookie. Do you get this "Error JINVALID_TOKEN_NOTICE" if you delete all cookies from the domain (or localhost) you use for testing, or close browser windows between the tests (that should be enough)?
The "JINVALID_TOKEN_NOTICE" message appears when I'm not leaving the form/session/browser. Just click "Install Joomla" again, after getting "The installation process failed". It is confusing, that I get the correct (and much more helpful) message, after clicking the button a third time (same window, same session). Unfortunately only without your patch.
I would really like to give you a successful test, but I can't do that, with the missing (helpful) error message :/ I hope it is a problem on my system only. At least Test 3 + 4 are working!
@fancyFranci For the tests 1 and 2, did you use a user who has the permission to create a database? On normal local installations this is "root" for MySQL or MariaDB, and "postgres" for PostgreSQL databases. Can you install J4 with such a user with creating a new database, i.e. specify not existing database during installation, when this PR is not applied and the hack for the version number requirement is not made, i.e. a normal 4.0-dev branch or nightly or Beta 1?
@fancyFranci P.S.: When you have made an installation and now delete configuration.php to make a new one, then you should close your browser window, otherwise you get this annoying "JINVALID_TOKEN_NOTICE". This has nothing to do with this PR and it is not really an issue, since normally nobody installs Joomla and then deletes configuration.php to install it again. So this is really unrelated to this PR, regardless if in this case there is a useful error message or not with or without my PR. The question is: Does my PR work if you use a new browser session for Test 2 after you have made Test 1, also in a new session?
I have tested this item
This PR fixes the issues reported to the @joomla/security JSST by me post beta1 //@SniperSister
@PhilETaylor Thanks for testing.
@fancyFranci Thanks for testing, even if the result is not (yet) what I expect. But maybe you could have a look again? Anyway, even if not, I really appreciate your efforts. I know it's not little work.
@PhilETaylor Sorry for the inconvenience. Could you test again with the last change? It should not make a difference, so maybe even a code review is sufficient. Then set your test result again in the issue tracker? Thanks in advance.
@Quy Done. Will you do a test?
@PhilETaylor Sorry for the inconvenience. Could you test again? Thanks in advance.
@fancyFranci Could you repeat your test? I know it's time consuming. But there was a change in J4 ( #29556 ) which could possibly help here with the problems you had in tests 1 and 2. And clear the session cookie or close the browser window at the beginning of test 1 and test 2. Thanks in advance.
@PhilETaylor Sorry for the inconvenience. Could you test again? Thanks in advance.
I have tested this item
I have only tested the security aspect to resolve the issue I reported to the JSST.
Status | Pending | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-06-11 20:49:26 |
Closed_By | ⇒ | wilsonge |
Thanks!
OK to close PR #25144?