search

umbraco / Umbraco.Forms.Issues

Public issue tracker for Umbraco Forms
29 stars 0 forks source link

Can't submit existing form causes Invalid value for 'encryptedTicket' #632

Closed GianniDPC closed 3 years ago

GianniDPC commented 3 years ago

Reproduction

Bug summary

The problem occurs when trying to submit an existing form with files linked to them. I have upgraded to version 8.7.6 to apply the security patch. I also edited the appropriate FileUpload razor files to reflect the changes.

I don't quite understand why this is happening. I have to add that I created my own 'myFileUploader' type but the only thing it does is inherit from FileUpload.

Specifics

I am using Umbraco Forms version 8.7.6 together with umbraco 8.5.3

Steps to reproduce

See summary

Expected result

The form to submit and persist the changes.

Actual result

Following exception occurs:

2021-08-25 08:43:28.8684 | System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
   at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
   at Umbraco.Core.StringExtensions.DecryptWithMachineKey(String value) in d:\a\1\s\src\Umbraco.Core\StringExtensions.cs:line 309
   at Umbraco.Forms.Core.Providers.FieldTypes.FileUpload.DecryptFilePath(String path)
   at Umbraco.Forms.Core.Providers.FieldTypes.FileUpload.ValidateField(Form form, Field field, IEnumerable`1 postedValues, HttpContextBase context, IFormStorage formStorage)
   at Umbraco.Forms.Web.Controllers.UmbracoFormsController.ValidateFormState(FormViewModel model, Form form, HttpContextBase context)
   at Umbraco.Forms.Web.Controllers.UmbracoFormsController.HandleForm(FormViewModel model)
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass7_0.<BeginInvokeActionMethodWithFilters>b__1(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_6.<BeginInvokeAction>b__4()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__1(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c.<BeginExecute>b__151_2(IAsyncResult asyncResult, Controller controller)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) | System.ArgumentException: Invalid value for 'encryptedTicket' parameter.
   at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
   at Umbraco.Core.StringExtensions.DecryptWithMachineKey(String value) in d:\a\1\s\src\Umbraco.Core\StringExtensions.cs:line 309
   at Umbraco.Forms.Core.Providers.FieldTypes.FileUpload.DecryptFilePath(String path)
   at Umbraco.Forms.Core.Providers.FieldTypes.FileUpload.ValidateField(Form form, Field field, IEnumerable`1 postedValues, HttpContextBase context, IFormStorage formStorage)
   at Umbraco.Forms.Web.Controllers.UmbracoFormsController.ValidateFormState(FormViewModel model, Form form, HttpContextBase context)
   at Umbraco.Forms.Web.Controllers.UmbracoFormsController.HandleForm(FormViewModel model)
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c.<BeginInvokeSynchronousActionMethod>b__9_0(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass7_0.<BeginInvokeActionMethodWithFilters>b__1(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_6.<BeginInvokeAction>b__4()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__1(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.<>c.<BeginExecute>b__151_2(IAsyncResult asyncResult, Controller controller)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
kevinlefebure commented 3 years ago

Having the same issue with Forms v8.3.4 and Umbraco 8.5.1.

AndyButland commented 3 years ago

Just to make sure I understand, you are editing a previously submitted form a second time via the front-end website?

GianniDPC commented 3 years ago

Just to make sure I understand, you are editing a previously submitted form a second time via the front-end website?

That’s correct. Was working perfectly fine before the security patch though.

kevinlefebure commented 3 years ago

Any progress on this issue? Currently this is blocking normal operation on a client's project... And reverting the patch is not a fix of course.

AndyButland commented 3 years ago

Yes, I've got a fix for this in the PR linked to this ticket - which will be in 8.8.0. That's not out for a couple of weeks though. In the meantime, I can prepare a dll for download to update 8.7.6.

AndyButland commented 3 years ago

The dll can be downloaded from here. This is a patch for 8.7.6 so if running that version, you should be able to replace the single dll provided in the linked zip file, in order to verify and run with the fix.

As noted this will be included in 8.8.0, expected in a couple of weeks.

kevinlefebure commented 3 years ago

@AndyButland Thanks for that, only problem is, I'm running v8.3.4... Is it possible to do the same thing for this version? Updating is something that I don't like doing with live projects... (as proven with this patch ;-) ) Will there be a fix for each version of this patch?

AndyButland commented 3 years ago

I'd encourage if you can to upgrade to the latest minor for Forms - as I expect you'd benefit form quite a few bug fixes and features that have been introduced since the version you are on. It's not normally the process to back-port bug fixes to previous minors, so no, I wasn't intending to provide a patch for them all - just the latest. We did this for the security patch as of course it's important we provide the easiest path we can for customers to get onto a version with the issue resolved.

That said, I do appreciate that this bug, even if only manifesting in certain scenarios - where forms are being re-edited, and with file uploads - has been introduced as part of the security patch, so I'll have a look at creating a similar dll patch for 8.3. Hopefully that'll tide you over while you try to find some time to upgrade to the latest version of Forms and then can be back on the official release versions.

AndyButland commented 3 years ago

Here's the single dll patch for 8.3.4,

elit0451 commented 3 years ago

The issue has been fixed and is due in the next release 🎊

NurhakKaya commented 2 years ago

@AndyButland @elit0451 Is there a fix for the same problem for Umbraco 7 and Umbraco Forms v7.4.3, please?

I have got the exact same scenario and the problem for my Umbraco 7.15.4 project.

AndyButland commented 2 years ago

@NurhakKaya - I'll prepare a back-port of this for this for the latest version of Forms for Umbraco 7, which will be released in the 7.5.8 of Forms. Once that's out, would you be able to upgrade to that? Seems that should be OK as the minor release from 7.4 to 7.5 was designated a minor due to a new feature being introduced, and there were no documented breaking changes.

NurhakKaya commented 2 years ago

Thanks @AndyButland , that'd be very good and upgrade should be fine. When do you plan to release v7.5.8 of Forms, please?

AndyButland commented 2 years ago

Should be within a couple of weeks, but if you need it sooner I can likely make available a pre-release, so let me know.

NurhakKaya commented 2 years ago

A pre-release would be great if you can @AndyButland . Thank you for your help.

AndyButland commented 2 years ago

Forms 7.5.8 with this fix ported back is available now @NurhakKaya on NuGet and our. It'll be rolled out as an auto-upgrade on Umbraco Cloud projects next week.

NurhakKaya commented 2 years ago

Excellent work @AndyButland , thank you so much for sorting this out so quickly. #h5yr

NurhakKaya commented 2 years ago

I can confirm that @AndyButland 's fix works with Umbraco Forms v7.5.8. Thanks again for your help Andy.

AndyButland commented 2 years ago

You're welcome, and thanks for confirming.