Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

AI OnAI Off

Unified Search - Statistics Tracking results in error

Nalin Bhayana
Nalin Bhayana
Vote:
 

Hi,

I am using Unified Search and I want it to appear in the Statistics, so added the Track() method.

IEnumerable _SearchResults = searchClient.UnifiedSearch().For(queryString)
.InField(x => ((BasePageData)x).MetaKeywords)
.InField(x => ((BasePageData)x).MetaTitle)
.InField(x => ((BasePageData)x).MetaDescription)
.Track()
.Filter(x => !x.MatchTypeHierarchy(typeof(ImageData))).Filter(y => !y.MatchTypeHierarchy(typeof(ContainerPage)))
.Take(10).Skip((p - 1) * 10).GetResult(hitSpec, false);

The GetResult method in above statement throws exception "String reference not set to an instance of a String.\r\nParameter name: s"

Stacktrace: 

   at System.Text.Encoding.GetBytes(String s)
   at EPiServer.Find.TrackContext.HashString(String toHash)
   at EPiServer.Find.TrackContext..ctor()
   at EPiServer.Find.SearchExtensions.GetProjectedResult[TResult](ISearch`1 search, SearchContext context)
   at EPiServer.Find.SearchExtensions.GetResult(ITypeSearch`1 search, HitSpecification hitSpecification, Boolean filterForPublicSearch)
   at Trisept.Vax.Epi.ContentSite.Controllers.SearchController.PopulateViewModel(String queryString, VaxBasePageData currentPage, Int32 p) in C:\TFS\Trisept.VAX.Content\Development\Trisept.Vax.Epi\Trisept.Vax.Epi.ContentSite\Controllers\SearchController.cs:line 56
   at Trisept.Vax.Epi.ContentSite.Controllers.SearchController.Index(Nullable`1 p) in C:\TFS\Trisept.VAX.Content\Development\Trisept.Vax.Epi\Trisept.Vax.Epi.ContentSite\Controllers\SearchController.cs:line 40
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.b__3d()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass46.b__3f()

If I remove the Track() method, it works fine.

But I need to gather the statistics. Can't figure what I am doing wrong. Please help.

Thank you.

----- Update -----

The above issue occurs only when I am logged in via SAML authenticated user.

Both search and statistics work fine when the user is Epi admin

#188723
Edited, Mar 01, 2018 15:37
Johan Petersson
Johan Petersson
Vote:
 

What happens if you move .Track() to just before .GetResult()?

#188731
Mar 01, 2018 20:09
Nalin Bhayana
Nalin Bhayana
Vote:
 

Same issue happens, wherever I put the Track()

#188734
Mar 01, 2018 20:37
Johan Petersson
Johan Petersson
Vote:
 

Then I would try to remove .Skip(), then .Filter() and then .InField() but still keep .Track() to figure out which filter is causing the issue in .Track() and then report this as a bug to Episerver.

Btw, is the pagination working correctly if you remove .Track()?

#188735
Mar 01, 2018 20:42
Nalin Bhayana
Nalin Bhayana
Vote:
 

I removed all the .Filter(), .Skip() and .InField(), to change the code to the below statement. Still it throws the same exception.

IEnumerable<UnifiedSearchHit> _SearchResults = searchClient.UnifiedSearch().For(queryString)
.Track()
.GetResult(hitSpec, false);

Also, noticed that the issue is not reproducing when I am logged in with EPi Admin login, but it is reproducible when I login via an SAML Authentication account. (We have EPi accounts for Content Authors, but for end-users authentication is implemented via SAML)

And, yes Pagination is working fine.

#188811
Edited, Mar 05, 2018 7:20
Son Do
Son Do
Vote:
 

Hi Nalin,

Can you try this simple query:

var results = searchClient.UnifiedSearchFor(q)
                    .Filter(f => f.MatchType(typeof(FashionProduct)))
                    .Track()
                    .GetResult();

Hope it work,

For more information, refer to this document https://world.episerver.com/documentation/developer-guides/find/NET-Client-API/searching/Unified-search/

/Son Do

#188879
Edited, Mar 06, 2018 10:59
Nalin Bhayana
Nalin Bhayana
Vote:
 

Hi Son,

Even this simple query failed. It is throwing the same exception as mentioned above.

#188883
Mar 06, 2018 11:31
Son Do
Son Do
Vote:
 

Can you try to run reindex job then check again.

#188886
Mar 06, 2018 12:10
Nalin Bhayana
Nalin Bhayana
Vote:
 

Tried it. No success. Still the same exception.

#188890
Mar 06, 2018 12:58
Son Do
Son Do
Vote:
 

The site doesn't work with simple query, the reason might be your data.

IMO you should create a support ticket. Support guys will call you and get your implementation, your databasse and your index for fixing the issue.

/Son Do

#188925
Mar 07, 2018 4:31
Dan Matthews
Dan Matthews
Vote:
 

I had exactly this same issue, in the same bit of code, and found that it was actually because the Episerver code tries to allocate a unique ID for the tracking based on this logic (Find 13):

  1. If there's no current HTTP Context, use a hash of the MAC address (for example, if this is being called from a console app)
  2. If there's no user in the current HTTP Context, use a hash of the Session ID of the current HTTP Context (user not logged on)
  3. If there's a user in the current HTTP Context, use a hash of the current user's name in their identity

Point (3) is where it was breaking for me... I was in a web content and authenticated using ASP.NET Identity but was using a custom JWT Token that wasn't adding the Name claim. This meant that HttpContext.Current.User.Identity.Name was null and so it was breaking when trying to hash it.

To fix it, I just added the following line to the code where the JWT Token was being created (this project is generating it's own JWT Tokens in a custom oAuth provider):

  identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); // we do this to let Find work - it requires an identity name in order to track statistics

It's almost certain that you've got the same problem - just make sure that the steps 1-3 above are all valid and the code should work!

#195487
Jul 26, 2018 12:19
Nalin Bhayana
Nalin Bhayana
Vote:
 

Thank you Dan,

Adding the Name claim worked like a charm.

#195553
Jul 30, 2018 11:58
Jonas Bergqvist
Jonas Bergqvist
Vote:
 

The fix for FIND-3741 will solve this issue. The fix will also include null-check.

#195967
Edited, Aug 14, 2018 13:59
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.