Make sure the form is properly validated

BTCPayServer/Controllers/UIPaymentRequestController.cs

@@ -5,6 +5,7 @@ using System.Threading;
 using System.Threading.Tasks;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Abstractions.Extensions;
+using BTCPayServer.Abstractions.Form;
 using BTCPayServer.Client;
 using BTCPayServer.Client.Models;
 using BTCPayServer.Data;
@@ -181,7 +182,7 @@ namespace BTCPayServer.Controllers
         [HttpGet("{payReqId}/form")]
         [HttpPost("{payReqId}/form")]
         [AllowAnonymous]
-        public async Task<IActionResult> ViewPaymentRequestForm(string payReqId, [FromForm] string formId, [FromForm] string formData)
+        public async Task<IActionResult> ViewPaymentRequestForm(string payReqId)
         {
             var result = await _PaymentRequestRepository.FindPaymentRequest(payReqId, GetUserId());
             if (result == null)
@@ -195,32 +196,37 @@ namespace BTCPayServer.Controllers
             {
                 case null:
                 case { } when string.IsNullOrEmpty(prFormId):
-                    break;
-                
+                case { } when Request.Method == "GET" && prBlob.FormResponse is not null:
+                    return RedirectToAction("ViewPaymentRequest", new { payReqId });
+                case { } when Request.Method == "GET" && prBlob.FormResponse is null:
+                        break;
                 default:
                     // POST case: Handle form submit
-                    if (!string.IsNullOrEmpty(formData) && formId == prFormId)
+                    var formData = Form.Parse(Forms.UIFormsController.GetFormData(prFormId).Config);
+                    formData.ApplyValuesFromForm(this.Request.Form);
+                    if (formData.IsValid())
                     {
-                        prBlob.FormResponse = JObject.Parse(formData);
+                        prBlob.FormResponse = JObject.FromObject(formData.GetValues());
                         result.SetBlob(prBlob);
                         await _PaymentRequestRepository.CreateOrUpdatePaymentRequest(result);
                         return RedirectToAction("PayPaymentRequest", new { payReqId });
                     }
-                    
-                    // GET or empty form data case: Redirect to form
-                    return View("PostRedirect", new PostRedirectViewModel
-                    {
-                        AspController = "UIForms",
-                        AspAction = "ViewPublicForm",
-                        FormParameters =
+                    break;
+            }
+
+            return View("PostRedirect", new PostRedirectViewModel
+            {
+                AspController = "UIForms",
+                AspAction = "ViewPublicForm",
+                RouteParameters =
+                        {
+                            { "formId", prFormId }
+                        },
+                FormParameters =
                         {
-                            { "formId", prFormId },
                             { "redirectUrl", Request.GetCurrentUrl() }
                         }
-                    });
-            }
-            
-            return RedirectToAction("ViewPaymentRequest", new { payReqId });
+            });
         }
         
         [HttpGet("{payReqId}/pay")]