Webform handlers gets called twice on WebformSubmission POST

Created on 17 August 2020, over 4 years ago

Updated 8 December 2023, about 1 year ago

Problem/Motivation

When submitting a Webform submission via POST, \Drupal\webform_rest\Plugin\rest\resource\WebformSubmitResource handles the request.
WebformSubmitResource first validates form values, then submits the form values.

The problem is the following:
WebformSubmissionForm::validateFormValues() actually calls WebformSubmissionForm::submitWebformSubmission(), so after when WebformSubmitResource calls WebformSubmissionForm::submitFormValues($values), it also calls WebformSubmissionForm::submitWebformSubmission() a second time.

The effect is that any webform handler is called twice, same for form alter hooks.

Aside of performance problems, running the logic twice on the same form values usually don't crash, but in my case I am working on a server-side Google reCAPTCHA validator as a Webform handler.

reCaptcha response token can only be validated once to prevent replay attacks.

So when submitting a form containing a reCAPTCHA token it validates fine, then the actual webform submission fails with the following side effect:
Error : Call to a member function id() on array in Drupal\webform_rest\Plugin\rest\resource\WebformSubmitResource->post() (/var/www/project/web/modules/contrib/webform_rest/src/Plugin/rest/resource/WebformSubmitResource.php line 82)

Steps to reproduce

Implement a Webform handler that logs a test message to watchdog.

Proposed resolution

Digging into WebformSubmissionForm::submitWebformSubmission(), it appears that this method returns an array in case of errors. So we can use this to track the validation status.

Despite WebformSubmissionForm::validateFormValues() is public, I suspect that its more a private API method.

The following patch implements the proposed solution.

Remaining tasks

Review/test the proposed patch.

🐛 Bug report

Status

Fixed

Version

4.0

Component

Code

Created by

🇫🇷France manu manu Aix-en-Provence

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇳🇱Netherlands uberengineer
Patch no longer applies to 4.0.3
It seems that the submit handler no longer returns twice in this version
Comment over 1 year ago →
wotts
Updated the patch for the current dev version
Status changed to Needs review over 1 year ago10:39am 2 June 2023
Comment over 1 year ago →
🇳🇴Norway gisle Norway
Changing status. Please review the patch in comment #17.
Status changed to RTBC over 1 year ago9:53am 5 June 2023
Comment over 1 year ago →
🇳🇱Netherlands Roderik de Langen
Tested the patch and it works!
Comment over 1 year ago →
🇬🇧United Kingdom chrisscrumping
Tested #17 and it works.
Comment about 1 year ago →
🇵🇹Portugal nsalves
Commited, thank you all
Status changed to Fixed about 1 year ago11:57pm 8 December 2023
Comment about 1 year ago →
🇵🇹Portugal nsalves
Comment about 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024