In https://github.com/matomo-org/matomo/blob/3.12.0-b1/core/Tracker/Visit.php#L123 we already check early whether the site exists before doing any "work".
The same way we should check if a tracking API parameter is used that requires authentication very early in the request (after the site request). We're wanting to this for tracking API request parameters where we know the request would fail otherwise.
We're wanting to do this after
manipulateRequest() was called. So basically here: https://github.com/matomo-org/matomo/blob/3.12.0-b1/core/Tracker/Visit.php#L131
lat (and other tracking parameters that fail in
If any of them are set, and request is not authenticated, we fail right away. The tracking failure should be still logged which is done in
Request::authenticateTrackingApi() and should just work automatically.
cdt it may be enough to call
$trackerRequest->getCurrentTimestamp() which will then trigger the exception.
For the location tracking parameters we would throw an exception like in
We probably don't need any tests for this as behaviour should just stay the same. need to make sure though (eg manually) that when using one of those parameters, and we are not authenticated with token_auth that a tracking failure is triggered