View Issue Details

This bug affects 1 person(s).
 4
IDProjectCategoryView StatusLast Update
17661Bug reportsSurvey takingpublic2021-11-30 19:59
Reporterfabianlehner Assigned Togalads  
PrioritynoneSeverityminor 
Status confirmedResolutionopen 
Product Version5.x 
Summary17661: Resume from link: "no matching saved response"
DescriptionAfter saving a response, when clicking the reload link from the email, the error message "There is no matching saved response." is shown.

I strongly assume this is due to https://github.com/LimeSurvey/LimeSurvey/commit/720b5e5751dcd35f1abcc496addf7e12b6525d19, where the password has been removed from the email (and probably also from the link).
It might be a design decision to require the password even when clicking the link from the email; in that case, the message would have to be changed in order not to confuse users.

Lines 427-429 would also include the client token; for public surveys this doesn't help though.
Steps To ReproduceSteps to reproduce
------------------------------
1. Create a simple survey (see example) with save-and-resume enabled.
2. Run the survey and save.
3. From the email received, click the resume link.
4. Limesurvey opens, showing "There is no matching saved response.", even though the actual problem is that the required credentials aren't included in the link.

Expected result
-------------------------
Either survey opens with formerly filled data,
or message shows "Please enter the username and password you set earlier" or the like.

Actual result
-----------------
see 4.
TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)5.1.15+211011
I will donate to the project if issue is resolvedNo
Browser
Database type & versionpgsql 11.12
Server OS (if known)Debian 11.12
Webserver software & version (if known)
PHP Version 7.3.31

Users monitoring this issue

User List There are no users monitoring this issue.

Activities

fabianlehner

fabianlehner

2021-10-13 11:26

reporter  

limesurvey_survey_949925_resumetest.lss (15,194 bytes)   
<?xml version="1.0" encoding="UTF-8"?>
<document>
 <LimeSurveyDocType>Survey</LimeSurveyDocType>
 <DBVersion>475</DBVersion>
 <languages>
  <language>en</language>
 </languages>
 <groups>
  <fields>
   <fieldname>gid</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>group_order</fieldname>
   <fieldname>randomization_group</fieldname>
   <fieldname>grelevance</fieldname>
  </fields>
  <rows>
   <row>
    <gid><![CDATA[10]]></gid>
    <sid><![CDATA[949925]]></sid>
    <group_order><![CDATA[1]]></group_order>
    <randomization_group/>
    <grelevance><![CDATA[1]]></grelevance>
   </row>
  </rows>
 </groups>
 <group_l10ns>
  <fields>
   <fieldname>id</fieldname>
   <fieldname>gid</fieldname>
   <fieldname>group_name</fieldname>
   <fieldname>description</fieldname>
   <fieldname>language</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>group_order</fieldname>
   <fieldname>randomization_group</fieldname>
   <fieldname>grelevance</fieldname>
  </fields>
  <rows>
   <row>
    <id><![CDATA[10]]></id>
    <gid><![CDATA[10]]></gid>
    <group_name><![CDATA[My first question group]]></group_name>
    <language><![CDATA[en]]></language>
    <sid><![CDATA[949925]]></sid>
    <group_order><![CDATA[1]]></group_order>
    <randomization_group/>
    <grelevance><![CDATA[1]]></grelevance>
   </row>
  </rows>
 </group_l10ns>
 <questions>
  <fields>
   <fieldname>qid</fieldname>
   <fieldname>parent_qid</fieldname>
   <fieldname>sid</fieldname>
   <fieldname>gid</fieldname>
   <fieldname>type</fieldname>
   <fieldname>title</fieldname>
   <fieldname>preg</fieldname>
   <fieldname>other</fieldname>
   <fieldname>mandatory</fieldname>
   <fieldname>encrypted</fieldname>
   <fieldname>question_order</fieldname>
   <fieldname>scale_id</fieldname>
   <fieldname>same_default</fieldname>
   <fieldname>relevance</fieldname>
   <fieldname>modulename</fieldname>
   <fieldname>question_theme_name</fieldname>
  </fields>
  <rows>
   <row>
    <qid><![CDATA[93]]></qid>
    <parent_qid><![CDATA[0]]></parent_qid>
    <sid><![CDATA[949925]]></sid>
    <gid><![CDATA[10]]></gid>
    <type><![CDATA[T]]></type>
    <title><![CDATA[Q00]]></title>
    <other><![CDATA[N]]></other>
    <mandatory><![CDATA[N]]></mandatory>
    <encrypted><![CDATA[N]]></encrypted>
    <question_order><![CDATA[1]]></question_order>
    <scale_id><![CDATA[0]]></scale_id>
    <same_default><![CDATA[0]]></same_default>
    <relevance><![CDATA[1]]></relevance>
    <question_theme_name><![CDATA[longfreetext]]></question_theme_name>
   </row>
  </rows>
 </questions>
 <question_l10ns>
  <fields>
   <fieldname>id</fieldname>
   <fieldname>qid</fieldname>
   <fieldname>question</fieldname>
   <fieldname>help</fieldname>
   <fieldname>script</fieldname>
   <fieldname>language</fieldname>
  </fields>
  <rows>
   <row>
    <id><![CDATA[93]]></id>
    <qid><![CDATA[93]]></qid>
    <question><![CDATA[A first example question. Please answer this question:]]></question>
    <help><![CDATA[This is a question help text.]]></help>
    <language><![CDATA[en]]></language>
   </row>
  </rows>
 </question_l10ns>
 <surveys>
  <fields>
   <fieldname>sid</fieldname>
   <fieldname>gsid</fieldname>
   <fieldname>admin</fieldname>
   <fieldname>expires</fieldname>
   <fieldname>startdate</fieldname>
   <fieldname>adminemail</fieldname>
   <fieldname>anonymized</fieldname>
   <fieldname>faxto</fieldname>
   <fieldname>format</fieldname>
   <fieldname>savetimings</fieldname>
   <fieldname>template</fieldname>
   <fieldname>language</fieldname>
   <fieldname>additional_languages</fieldname>
   <fieldname>datestamp</fieldname>
   <fieldname>usecookie</fieldname>
   <fieldname>allowregister</fieldname>
   <fieldname>allowsave</fieldname>
   <fieldname>autonumber_start</fieldname>
   <fieldname>autoredirect</fieldname>
   <fieldname>allowprev</fieldname>
   <fieldname>printanswers</fieldname>
   <fieldname>ipaddr</fieldname>
   <fieldname>ipanonymize</fieldname>
   <fieldname>refurl</fieldname>
   <fieldname>showsurveypolicynotice</fieldname>
   <fieldname>publicstatistics</fieldname>
   <fieldname>publicgraphs</fieldname>
   <fieldname>listpublic</fieldname>
   <fieldname>htmlemail</fieldname>
   <fieldname>sendconfirmation</fieldname>
   <fieldname>tokenanswerspersistence</fieldname>
   <fieldname>assessments</fieldname>
   <fieldname>usecaptcha</fieldname>
   <fieldname>usetokens</fieldname>
   <fieldname>bounce_email</fieldname>
   <fieldname>attributedescriptions</fieldname>
   <fieldname>emailresponseto</fieldname>
   <fieldname>emailnotificationto</fieldname>
   <fieldname>tokenlength</fieldname>
   <fieldname>showxquestions</fieldname>
   <fieldname>showgroupinfo</fieldname>
   <fieldname>shownoanswer</fieldname>
   <fieldname>showqnumcode</fieldname>
   <fieldname>bouncetime</fieldname>
   <fieldname>bounceprocessing</fieldname>
   <fieldname>bounceaccounttype</fieldname>
   <fieldname>bounceaccounthost</fieldname>
   <fieldname>bounceaccountpass</fieldname>
   <fieldname>bounceaccountencryption</fieldname>
   <fieldname>bounceaccountuser</fieldname>
   <fieldname>showwelcome</fieldname>
   <fieldname>showprogress</fieldname>
   <fieldname>questionindex</fieldname>
   <fieldname>navigationdelay</fieldname>
   <fieldname>nokeyboard</fieldname>
   <fieldname>alloweditaftercompletion</fieldname>
   <fieldname>googleanalyticsstyle</fieldname>
   <fieldname>googleanalyticsapikey</fieldname>
   <fieldname>tokenencryptionoptions</fieldname>
  </fields>
  <rows>
   <row>
    <sid><![CDATA[949925]]></sid>
    <gsid><![CDATA[1]]></gsid>
    <admin><![CDATA[inherit]]></admin>
    <adminemail><![CDATA[inherit]]></adminemail>
    <anonymized><![CDATA[N]]></anonymized>
    <format><![CDATA[I]]></format>
    <savetimings><![CDATA[N]]></savetimings>
    <template><![CDATA[inherit]]></template>
    <language><![CDATA[en]]></language>
    <additional_languages/>
    <datestamp><![CDATA[N]]></datestamp>
    <usecookie><![CDATA[I]]></usecookie>
    <allowregister><![CDATA[I]]></allowregister>
    <allowsave><![CDATA[I]]></allowsave>
    <autonumber_start><![CDATA[0]]></autonumber_start>
    <autoredirect><![CDATA[I]]></autoredirect>
    <allowprev><![CDATA[I]]></allowprev>
    <printanswers><![CDATA[I]]></printanswers>
    <ipaddr><![CDATA[N]]></ipaddr>
    <ipanonymize><![CDATA[N]]></ipanonymize>
    <refurl><![CDATA[N]]></refurl>
    <showsurveypolicynotice><![CDATA[0]]></showsurveypolicynotice>
    <publicstatistics><![CDATA[I]]></publicstatistics>
    <publicgraphs><![CDATA[I]]></publicgraphs>
    <listpublic><![CDATA[I]]></listpublic>
    <htmlemail><![CDATA[I]]></htmlemail>
    <sendconfirmation><![CDATA[I]]></sendconfirmation>
    <tokenanswerspersistence><![CDATA[I]]></tokenanswerspersistence>
    <assessments><![CDATA[I]]></assessments>
    <usecaptcha><![CDATA[E]]></usecaptcha>
    <usetokens><![CDATA[N]]></usetokens>
    <bounce_email><![CDATA[inherit]]></bounce_email>
    <emailresponseto><![CDATA[inherit]]></emailresponseto>
    <emailnotificationto><![CDATA[inherit]]></emailnotificationto>
    <tokenlength><![CDATA[-1]]></tokenlength>
    <showxquestions><![CDATA[I]]></showxquestions>
    <showgroupinfo><![CDATA[I]]></showgroupinfo>
    <shownoanswer><![CDATA[I]]></shownoanswer>
    <showqnumcode><![CDATA[I]]></showqnumcode>
    <bounceprocessing><![CDATA[N]]></bounceprocessing>
    <showwelcome><![CDATA[I]]></showwelcome>
    <showprogress><![CDATA[I]]></showprogress>
    <questionindex><![CDATA[-1]]></questionindex>
    <navigationdelay><![CDATA[-1]]></navigationdelay>
    <nokeyboard><![CDATA[I]]></nokeyboard>
    <alloweditaftercompletion><![CDATA[I]]></alloweditaftercompletion>
    <tokenencryptionoptions/>
   </row>
  </rows>
 </surveys>
 <surveys_languagesettings>
  <fields>
   <fieldname>surveyls_survey_id</fieldname>
   <fieldname>surveyls_language</fieldname>
   <fieldname>surveyls_title</fieldname>
   <fieldname>surveyls_description</fieldname>
   <fieldname>surveyls_welcometext</fieldname>
   <fieldname>surveyls_endtext</fieldname>
   <fieldname>surveyls_policy_notice</fieldname>
   <fieldname>surveyls_policy_error</fieldname>
   <fieldname>surveyls_policy_notice_label</fieldname>
   <fieldname>surveyls_url</fieldname>
   <fieldname>surveyls_urldescription</fieldname>
   <fieldname>surveyls_email_invite_subj</fieldname>
   <fieldname>surveyls_email_invite</fieldname>
   <fieldname>surveyls_email_remind_subj</fieldname>
   <fieldname>surveyls_email_remind</fieldname>
   <fieldname>surveyls_email_register_subj</fieldname>
   <fieldname>surveyls_email_register</fieldname>
   <fieldname>surveyls_email_confirm_subj</fieldname>
   <fieldname>surveyls_email_confirm</fieldname>
   <fieldname>surveyls_dateformat</fieldname>
   <fieldname>surveyls_attributecaptions</fieldname>
   <fieldname>email_admin_notification_subj</fieldname>
   <fieldname>email_admin_notification</fieldname>
   <fieldname>email_admin_responses_subj</fieldname>
   <fieldname>email_admin_responses</fieldname>
   <fieldname>surveyls_numberformat</fieldname>
   <fieldname>attachments</fieldname>
  </fields>
  <rows>
   <row>
    <surveyls_survey_id><![CDATA[949925]]></surveyls_survey_id>
    <surveyls_language><![CDATA[en]]></surveyls_language>
    <surveyls_title><![CDATA[Test Resume Saved Response]]></surveyls_title>
    <surveyls_description/>
    <surveyls_welcometext/>
    <surveyls_endtext/>
    <surveyls_policy_notice/>
    <surveyls_policy_notice_label/>
    <surveyls_url/>
    <surveyls_urldescription/>
    <surveyls_email_invite_subj><![CDATA[Invitation to participate in a survey]]></surveyls_email_invite_subj>
    <surveyls_email_invite><![CDATA[Dear {FIRSTNAME},

you have been invited to participate in a survey.

The survey is titled:
"{SURVEYNAME}"

"{SURVEYDESCRIPTION}"

To participate, please click on the link below.

Sincerely,

{ADMINNAME} ({ADMINEMAIL})

----------------------------------------------
Click here to do the survey:
{SURVEYURL}

If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:
{OPTOUTURL}

If you are blacklisted but want to participate in this survey and want to receive invitations please click the following link:
{OPTINURL}]]></surveyls_email_invite>
    <surveyls_email_remind_subj><![CDATA[Reminder to participate in a survey]]></surveyls_email_remind_subj>
    <surveyls_email_remind><![CDATA[Dear {FIRSTNAME},

Recently we invited you to participate in a survey.

We note that you have not yet completed the survey, and wish to remind you that the survey is still available should you wish to take part.

The survey is titled:
"{SURVEYNAME}"

"{SURVEYDESCRIPTION}"

To participate, please click on the link below.

Sincerely,

{ADMINNAME} ({ADMINEMAIL})

----------------------------------------------
Click here to do the survey:
{SURVEYURL}

If you do not want to participate in this survey and don't want to receive any more invitations please click the following link:
{OPTOUTURL}]]></surveyls_email_remind>
    <surveyls_email_register_subj><![CDATA[Survey registration confirmation]]></surveyls_email_register_subj>
    <surveyls_email_register><![CDATA[Dear {FIRSTNAME},

You, or someone using your email address, have registered to participate in an online survey titled {SURVEYNAME}.

To complete this survey, click on the following URL:

{SURVEYURL}

If you have any questions about this survey, or if you did not register to participate and believe this email is in error, please contact {ADMINNAME} at {ADMINEMAIL}.]]></surveyls_email_register>
    <surveyls_email_confirm_subj><![CDATA[Confirmation of your participation in our survey]]></surveyls_email_confirm_subj>
    <surveyls_email_confirm><![CDATA[Dear {FIRSTNAME},

this email is to confirm that you have completed the survey titled {SURVEYNAME} and your response has been saved. Thank you for participating.

If you have any further questions about this email, please contact {ADMINNAME} on {ADMINEMAIL}.

Sincerely,

{ADMINNAME}]]></surveyls_email_confirm>
    <surveyls_dateformat><![CDATA[9]]></surveyls_dateformat>
    <email_admin_notification_subj><![CDATA[Response submission for survey {SURVEYNAME}]]></email_admin_notification_subj>
    <email_admin_notification><![CDATA[Hello,

A new response was submitted for your survey '{SURVEYNAME}'.

Click the following link to see the individual response:
{VIEWRESPONSEURL}

Click the following link to edit the individual response:
{EDITRESPONSEURL}

View statistics by clicking here:
{STATISTICSURL}]]></email_admin_notification>
    <email_admin_responses_subj><![CDATA[Response submission for survey {SURVEYNAME} with results]]></email_admin_responses_subj>
    <email_admin_responses><![CDATA[Hello,

A new response was submitted for your survey '{SURVEYNAME}'.

Click the following link to see the individual response:
{VIEWRESPONSEURL}

Click the following link to edit the individual response:
{EDITRESPONSEURL}

View statistics by clicking here:
{STATISTICSURL}


The following answers were given by the participant:
{ANSWERTABLE}]]></email_admin_responses>
    <surveyls_numberformat><![CDATA[0]]></surveyls_numberformat>
   </row>
  </rows>
 </surveys_languagesettings>
 <themes>
  <theme>
   <sid>949925</sid>
   <template_name>fruity</template_name>
   <config>
    <options>inherit</options>
   </config>
  </theme>
 </themes>
 <themes_inherited>
  <theme>
   <sid>949925</sid>
   <template_name>fruity</template_name>
   <config>
    <options>
     <ajaxmode>off</ajaxmode>
     <brandlogo>on</brandlogo>
     <brandlogofile>themes/survey/fruity/files/logo.png</brandlogofile>
     <container>on</container>
     <backgroundimage>off</backgroundimage>
     <animatebody>off</animatebody>
     <bodyanimation>fadeInRight</bodyanimation>
     <bodyanimationduration>500</bodyanimationduration>
     <animatequestion>off</animatequestion>
     <questionanimation>flipInX</questionanimation>
     <questionanimationduration>500</questionanimationduration>
     <animatealert>off</animatealert>
     <alertanimation>shake</alertanimation>
     <alertanimationduration>500</alertanimationduration>
     <font>noto</font>
     <bodybackgroundcolor>#ffffff</bodybackgroundcolor>
     <fontcolor>#444444</fontcolor>
     <questionbackgroundcolor>#ffffff</questionbackgroundcolor>
     <questionborder>on</questionborder>
     <questioncontainershadow>on</questioncontainershadow>
     <checkicon>f00c</checkicon>
     <animatecheckbox>on</animatecheckbox>
     <checkboxanimation>rubberBand</checkboxanimation>
     <checkboxanimationduration>500</checkboxanimationduration>
     <animateradio>on</animateradio>
     <radioanimation>zoomIn</radioanimation>
     <radioanimationduration>500</radioanimationduration>
     <zebrastriping>off</zebrastriping>
     <stickymatrixheaders>off</stickymatrixheaders>
     <greyoutselected>off</greyoutselected>
     <hideprivacyinfo>off</hideprivacyinfo>
     <crosshover>off</crosshover>
     <showpopups>1</showpopups>
     <showclearall>off</showclearall>
     <questionhelptextposition>top</questionhelptextposition>
     <notables>1</notables>
    </options>
   </config>
  </theme>
 </themes_inherited>
</document>
fabianlehner

fabianlehner

2021-10-13 11:26

reporter   ~66841

might be related to 17583
fabianlehner

fabianlehner

2021-11-03 12:51

reporter   ~67078

Hello,
is there anyway I can contribute to this? I'd offer to work on a PR, but I think this needs a design decision first.
tbart

tbart

2021-11-22 15:29

reporter   ~67476

This happens on my 3.27.25+211116 as well.

If I enter the username/password regardless of the error message, I get the saved responses back.

application/helpers/frontend_helper.php reads
29 $scid = Yii::app()->request->getQuery('scid');
30 if (Yii::app()->request->getParam('loadall') === "reload") {
31 $sLoadName = Yii::app()->request->getParam('loadname');
32 $sLoadPass = Yii::app()->request->getParam('loadpass');

However, this cannot work out, as neither loadname nor loadpass get sent out via email to be part of the link's parameters.
This should be removed as I don't think the condition of those being part of the request will ever really happen.

Apart from this, application/controllers/survey/index.php should not attempt to loadanswers() if username and password have not been entered before.
fabianlehner

fabianlehner

2021-11-24 16:18

reporter   ~67539

"This should be removed as I don't think the condition of those being part of the request will ever really happen." – @tbart, if I'm not mistaken it used to be part of the request (loadname and loadpass were part of the resume link in the email sent to the participant), but removed in the commit I linked above.
I just realized that mantis mistook the link: https://github.com/LimeSurvey/LimeSurvey/commit/720b5e5751dcd35f1abcc496addf7e12b6525d19
See lines 426 / 284 at the very bottom.

@galads this definitely needs a design decision (if one hasn't been drawn yet but not fully implemented), could you please escalate this issue if necessary?
tbart

tbart

2021-11-30 19:59

reporter   ~67612

Yes, I know for sure that the credentials have been part of the URL sent out via mail for years, as clicking it has been enough to get you to the point you left off.

Currently, all stable versions seem to suffer from this issue/the inability of users to restore their saved sessions when they get scared by the error message and do not just go ahead and enter their credentials nevertheless (and that's definitely how they react).

I think this deserves more than a "minor".

Issue History

Date Modified Username Field Change
2021-10-13 11:26 fabianlehner New Issue
2021-10-13 11:26 fabianlehner File Added: limesurvey_survey_949925_resumetest.lss
2021-10-13 11:26 fabianlehner Note Added: 66841
2021-10-13 11:26 fabianlehner Bug heat 0 => 2
2021-10-19 09:57 galads Assigned To => galads
2021-10-19 09:57 galads Status new => confirmed
2021-11-03 12:51 fabianlehner Note Added: 67078
2021-11-22 15:29 tbart Note Added: 67476
2021-11-22 15:29 tbart Bug heat 2 => 4
2021-11-24 16:18 fabianlehner Note Added: 67539
2021-11-30 19:59 tbart Note Added: 67612