Skip to content

Update the credis library to support Redis Sentinel 6 & 7 and add username+pwd support to the plugin.#325

Open
bdeclerc wants to merge 2 commits into
matomo-org:5.x-devfrom
bdeclerc:5.x-dev-BD
Open

Update the credis library to support Redis Sentinel 6 & 7 and add username+pwd support to the plugin.#325
bdeclerc wants to merge 2 commits into
matomo-org:5.x-devfrom
bdeclerc:5.x-dev-BD

Conversation

@bdeclerc

Copy link
Copy Markdown

Description

Issue No

Steps to Replicate the Issue

Try to use the plugin with a Redis Sentinel 6 or 7 with username+pwd authentication

@AltamashShaikh

Copy link
Copy Markdown
Contributor

@bdeclerc Is this ready for review ?

@bdeclerc

Copy link
Copy Markdown
Author

It should be ready - we tested it on our environment vs Redis Sentinel 7.2 and it worked - didn't test any other configurations though.

@AltamashShaikh
AltamashShaikh requested a review from a team July 17, 2026 05:28

@AltamashShaikh AltamashShaikh left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bdeclerc Thanks for the PR, some review comments, please let us know, if something is unclear or you have no idea on how to resolve the issueu.

1. 🔴 Redis::auth() called with 2 args — crashes every password-auth connection

  Queue/Backend/Redis.php:267
  $success = $this->redis->auth($this->password, $this->username);
  $this->redis is native phpredis (new \Redis()), whose auth() takes exactly one argument. I confirmed this live on this machine (PHP 8.3.30 / phpredis 6.3.0):
  Redis::auth() expects exactly 1 argument, 2 given  (ArgumentCountError)
  Because the second arg is always passed (username is null when unset), this throws for every existing user who uses a Redis password, not just ACL users — a hard regression on the
  plain redis backend. It also never actually transmits the ACL username. This path was clearly never exercised (the PR was tested against Sentinel, which uses the separate
  Credis_Client path). Fix:
  if ($success && !empty($this->password)) {
      $success = !empty($this->username)
          ? $this->redis->auth([$this->username, $this->password])
          : $this->redis->auth($this->password);
  }

  2. 🟠 RedisCluster backend silently drops the username

  Queue/Factory.php:87 calls setConfig($host, $port, $timeout, $password, $username) for all Redis backends, but Queue/Backend/RedisCluster.php:318 setConfig() still takes only 4
  params, and new \RedisCluster(...) (line 311) never receives a username. PHP silently ignores the extra userland arg (no crash), so a username configured in the UI has no effect and
  no error on the cluster backend — silent misconfiguration. Either add username support there or explicitly reject username + cluster.

  3. 🟡 New setting bypasses translations (project convention)

  SystemSettings.php:246,251 hardcodes English:
  $field->title = 'Redis Username';
  $field->inlineHelp = 'Username for Redis ACL authentication. Leave empty if not used.';
  Every sibling setting uses Piwik::translate('QueuedTracking_...') with keys in lang/en.json (e.g. createRedisPasswordSetting). Add
  QueuedTracking_RedisUsernameFieldTitle/...FieldHelp keys and use Piwik::translate. Minor: siblings also append . '</br>' to inlineHelp; this one doesn't.

  4. 🟡 No test coverage for the new path

  tests/Integration/Queue/Backend/RedisTest.php — nothing added for username, and the existing setConfig(...) calls still pass 4 args. A single ACL-auth integration test would have
  caught finding #1. Please add one.

@bdeclerc

Copy link
Copy Markdown
Author

I will take the feedback and work on integrating the necessary fixes - I'll come back when it is done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants