Security Validation Issue

Tony_Duke · January 10, 2019, 9:07am

Good Morning,

We are currently in the process of recreating our Forms Designer Forms in Plumsail Forms and have come across an issue. As part of the save process we have a function that gets a reference from another list and sets this into a field on the form and then increments this reference and posts it back to the other list. This function works perfectly in the Forms Designer forms, however it does not seem to work in the Plumsail Forms version we get a Security Validation alert from SharePoint and the Update fails Capture

My Code is below assistance please…

fd.spBeforeSave(function() {

setReference();

// Get and Set Quote Reference Number
function setReference () {
	var referenceNumber = retrieveQuoteReferenceNumberFromSettingsList();
	updateSettingsListItem((Number(referenceNumber) + 1));
	debugger;
	var reference = padReferenceNumber(referenceNumber)
	reference = reference + "-01";
	fd.field('Title').value = reference;
}

// Function to Retrieve Next Quote Reference Number from Setting List
function retrieveQuoteReferenceNumberFromSettingsList() {  
	var quoteNextRef;
	$.ajax({  
        url: _spPageContextInfo.webAbsoluteUrl + "/_api/web/lists/getbytitle('Settings')/Items?$select=OData__x0069_sd5&$filter=Setting_Name eq 'Quote Next Ref'",  
        type: "GET",
		cache: true,
		async: false, 
        headers: {  
            "accept": "application/json;odata=verbose",  
        },  
        success: function(data) {
			for (var i = 0; i < data.d.results.length; i++) {  
                var item = data.d.results[i]; 
				quoteNextRef = item.OData__x0069_sd5;				
            }  
        },  
        error: function(error) {  
            alert(error.responseText);
        }  
    });
	return quoteNextRef;
}

// Function to Pad Reference leading Zero's
function padReferenceNumber(reference) {
	var string = reference.toString();
	var len = 4;
	if (string.length < len) {
		string = ('0000' + string).slice(-len);
	}
	return string;
}

// Function to Update Settings List with Next Quote Reference Number
function updateSettingsListItem(nextSequenceNumber) {   	
	var SettingsListMetadataType = retrieveListItemType('Settings');
	var data = {
		    "__metadata": { "type": SettingsListMetadataType },
			"OData__x0069_sd5":nextSequenceNumber.toString()
		};
	$.ajax({  
        url: _spPageContextInfo.webAbsoluteUrl + "/_api/web/lists/GetByTitle('Settings')/items(9)", // list item ID  
        type: "POST",  
        data: JSON.stringify(data),
		async:false,
        headers: {  
            "Accept": "application/json;odata=verbose",  
            "Content-Type": "application/json;odata=verbose",  
            "X-RequestDigest": $("#__REQUESTDIGEST").val(),  
            "IF-MATCH": "*",  
            "X-HTTP-Method": "MERGE"  
        },  
        success: function(data) {  
             // alert('Update Success');
        },  
        error: function(error) { 
            alert(error.responseText); 
        }  
    });
}

// Function to Retrieve List Item Type
function retrieveListItemType(listName) {  
	var listItemType = '';
	$.ajax({  
        url: _spPageContextInfo.webAbsoluteUrl + "/_api/web/lists/getbytitle('"+listName+"')?$select=ListItemEntityTypeFullName",  
        type: "GET",
		async:false, 
        headers: {  
            "accept": "application/json;odata=verbose",  
        },  
        success: function(data) {
			listItemType=data.d.ListItemEntityTypeFullName;
        },  
        error: function(error) {  
            alert(error.status+":"+error.statusText);
        }  
    });
	return listItemType;
}

});

Thanks

AlexZver · January 11, 2019, 1:14pm

Dear Tony,

It’s not a usual issue, we need some time to analyze the code and figure out why it fails.

For now, I would recommend utilizing pnp-js library, that is available in Forms by “pnp” (no need to plug any libraries).

Tony_Duke · January 15, 2019, 1:14pm

Hi Alex,

I’m not really sure how to utilise this in my scenario, below is a typical example my code: -

// On Load Calculate pricing and update list item
function onLoadInProgressCalculateAndUpdate() {
	var subTotalSalesPriceCalc = calculateAndUpdateSubTotalSalesPrice();
	var calculatedSalesPriceCalc = calculateSalesPrice();
	var costUpliftProfitAndTotalCost = calculateAndUpdateCostUpliftProfitAndTotalCost();	
	var leasingFields =  onLoadLeasingPerMonthFields();
	var forecastMarginCalc = calculateAndUpdateForecastMargin();
	var budgetCommissionCalc = setInProgressBudgetCommission();
	var quotationsListMetadataType = retrieveListItemType('Solutions%20Quotations');
	var data = {
	    "__metadata": { "type": quotationsListMetadataType },
		"Sub_x0020_Total_x0020_Sales_x002": subTotalSalesPriceCalc.subTotalSalesPrice,
		"Total_x0020_Parts_x0020__x002d__": subTotalSalesPriceCalc.totalPartsPrice,
		"Calculated_x0020_Sales_x0020_Pri": calculatedSalesPriceCalc,
		"Sales_x0020_Price": calculatedSalesPriceCalc,
		"Left_x0020_to_x0020_Invoice": calculatedSalesPriceCalc,
		"Parts_x0020_Cost_x0020_Uplift": costUpliftProfitAndTotalCost.costUplift,
		"Cost_x0020_Uplift_x0020__x00a3_": costUpliftProfitAndTotalCost.costUplift,
		"Budget_x0020_Parts_x0020_Cost": costUpliftProfitAndTotalCost.partsTotalCost,
		"Actual_x0020_Parts_x0020_Cost": costUpliftProfitAndTotalCost.partsTotalCost,
		"Budget_x0020_Total_x0020_Cost": costUpliftProfitAndTotalCost.totalCost,
		"Actual_x0020_Cost": costUpliftProfitAndTotalCost.totalCost,
		"Profit": costUpliftProfitAndTotalCost.profit,
		"OData__x0033__x0020_Year_x0020_Leasing":leasingFields.threeYearLeasingPM,
		"OData__x0035__x0020_Year_x0020_Leasing":leasingFields.fiveYearLeasingPM,
		"Forecast_x0020_Profit":costUpliftProfitAndTotalCost.profit,
		"Actual_x0020_Profit":costUpliftProfitAndTotalCost.profit,
		"Profit_x0020_for_x0020_Commissio":costUpliftProfitAndTotalCost.profit,
		"Forecast_x0020_Margin":forecastMarginCalc,
		"Actual_x0020_Profit_x0020_Margin":forecastMarginCalc,
		"Invoiced_x0020_to_x0020_Date":'0',
		"Left_x0020_to_x0020_Invoice_x002":'1',
		"Budget_x0020_Commission_x0020__x":budgetCommissionCalc.budgetCommission,
		"Actual_x0020_Commission_x0020__x":budgetCommissionCalc.budgetCommission,
		"On_x0020_Order_x0020_Commission_":budgetCommissionCalc.onOrderOnCompletionCommissions,
		"On_x0020_Completion_x0020_Commis":budgetCommissionCalc.onOrderOnCompletionCommissions
	};			
	updateListItem('Solutions%20Quotations', itemId, data);		
}

// Function to Retrieve List Item Type.
function retrieveListItemType(listName) {  
	var listItemType = '';
	$.ajax({  
        url: _spPageContextInfo.webAbsoluteUrl + "/_api/web/lists/getbytitle('"+listName+"')?$select=ListItemEntityTypeFullName",  
        type: "GET",
		async:false, 
        headers: {  
            "accept": "application/json;odata=verbose",  
        },  
        success: function(data) {
			listItemType=data.d.ListItemEntityTypeFullName;
        },  
        error: function(error) {  
            alert(error.status+":"+error.statusText);
        }  
    });
	return listItemType;
}

// Function to Update list item with variables stored in data
function updateListItem(listName, itemId, data) {  
    $.ajax ({
        url: _spPageContextInfo.webAbsoluteUrl + "/_api/web/lists/GetByTitle('"+listName+"')/items("+itemId+")", // list item ID  
        type: "POST",  
        data: JSON.stringify(data),
		async: false,
        headers: {  
            "Accept": "application/json;odata=verbose",  
            "Content-Type": "application/json;odata=verbose",  
            "X-RequestDigest": $("#__REQUESTDIGEST").val(),  
            "IF-MATCH": "*",  
            "X-HTTP-Method": "MERGE"  
        },  
        success: function(data) {  
             // alert('Update Success');
        },  
        error: function(error) { 
            alert(error.responseText); 
        }  
    });
}

Ideally I would just replace the updatListItem function, but from looking at the pnp-js library documentation the data format seems to be different, I tried the following code but no luck: -

// On Load Calculate pricing and update list item
function onLoadInProgressCalculateAndUpdate() {
	var subTotalSalesPriceCalc = calculateAndUpdateSubTotalSalesPrice();
	var calculatedSalesPriceCalc = calculateSalesPrice();
	var costUpliftProfitAndTotalCost = calculateAndUpdateCostUpliftProfitAndTotalCost();	
	var leasingFields =  onLoadLeasingPerMonthFields();
	var forecastMarginCalc = calculateAndUpdateForecastMargin();
	var budgetCommissionCalc = setInProgressBudgetCommission();
	import { sp } from "@pnp/sp";
	var list = sp.web.lists.getByTitle("Solutions%20Quotations");
	list.items.getById(itemId).update({
		Sub_x0020_Total_x0020_Sales_x002: subTotalSalesPriceCalc.subTotalSalesPrice,
		Total_x0020_Parts_x0020__x002d__: subTotalSalesPriceCalc.totalPartsPrice,
		Calculated_x0020_Sales_x0020_Pri: calculatedSalesPriceCalc,
		Sales_x0020_Price: calculatedSalesPriceCalc,
		Left_x0020_to_x0020_Invoice: calculatedSalesPriceCalc,
		Parts_x0020_Cost_x0020_Uplift: costUpliftProfitAndTotalCost.costUplift,
		Cost_x0020_Uplift_x0020__x00a3_: costUpliftProfitAndTotalCost.costUplift,
		Budget_x0020_Parts_x0020_Cost: costUpliftProfitAndTotalCost.partsTotalCost,
		Actual_x0020_Parts_x0020_Cost: costUpliftProfitAndTotalCost.partsTotalCost,
		Budget_x0020_Total_x0020_Cost: costUpliftProfitAndTotalCost.totalCost,
		Actual_x0020_Cost: costUpliftProfitAndTotalCost.totalCost,
		Profit: costUpliftProfitAndTotalCost.profit,
		OData__x0033__x0020_Year_x0020_Leasing:leasingFields.threeYearLeasingPM,
		OData__x0035__x0020_Year_x0020_Leasing:leasingFields.fiveYearLeasingPM,
		Forecast_x0020_Profit:costUpliftProfitAndTotalCost.profit,
		Actual_x0020_Profit:costUpliftProfitAndTotalCost.profit,
		Profit_x0020_for_x0020_Commissio:costUpliftProfitAndTotalCost.profit,
		Forecast_x0020_Margin:forecastMarginCalc,
		Actual_x0020_Profit_x0020_Margin:forecastMarginCalc,
		Invoiced_x0020_to_x0020_Date:"0",
		Left_x0020_to_x0020_Invoice_x002:"1",
		Budget_x0020_Commission_x0020__x:budgetCommissionCalc.budgetCommission,
		Actual_x0020_Commission_x0020__x:budgetCommissionCalc.budgetCommission,
		On_x0020_Order_x0020_Commission_:budgetCommissionCalc.onOrderOnCompletionCommissions,
		On_x0020_Completion_x0020_Commis:budgetCommissionCalc.onOrderOnCompletionCommissions
	}).then(i => {
		console.log(i);
	})
}

Any help would be very much appreciated…

Thanks

Nikita_Kurguzov · January 15, 2019, 3:47pm

Dear Tony,
You can try it like this, it should work, no need to import anything pnp is already available:

var list = pnp.sp.web.lists.getByTitle("My List");
list.items.getById(1).update({
    Title: "My New Title"
}).then(function(){
    console.log("Updated!");
});