From 96125d604214849b724c98cc0aebfef24317a6e2 Mon Sep 17 00:00:00 2001
From: SysAdmin
Date: Wed, 24 Sep 2025 16:49:21 +0100
Subject: [PATCH] Add explicit antiforgery configuration and better error handling for UpdateStatus
---
 .claude/settings.local.json | 3 ++-
 .../Admin/Controllers/OrdersController.cs | 23 +++++++++++++++++++
 LittleShop/Program.cs | 7 ++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 310ffca..ea08d28 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -29,7 +29,8 @@
 "Bash(git push:*)",
 "Bash(tasklist)",
 "Bash(findstr:*)",
- "Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)"
+ "Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)",
+ "Bash(git commit:*)"
 ],
 "deny": [],
 "ask": []
diff --git a/LittleShop/Areas/Admin/Controllers/OrdersController.cs b/LittleShop/Areas/Admin/Controllers/OrdersController.cs
index f8c58f4..6647041 100644
--- a/LittleShop/Areas/Admin/Controllers/OrdersController.cs
+++ b/LittleShop/Areas/Admin/Controllers/OrdersController.cs
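Review bot: The `.claude/settings.local.json` hunk adds `"Bash(git commit:*)"` next to the existing `"Bash(git push:*)"` in what appears to be the allow list (its key is above the hunk), so a coding agent reading this file could commit and push without a confirmation prompt. The change is unrelated to the commit subject, and the file name suggests per-developer settings; it also records a local path (`//mnt/c/Production/...`) in the repository. Consider untracking the file (for example by listing `.claude/settings.local.json` in `.gitignore`) or moving the `git commit` and `git push` entries to the `ask` list so those steps stay human-approved.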
@@ -135,12 +135,35 @@ public class OrdersController : Controller
 [ValidateAntiForgeryToken]
 public async Task UpdateStatus(Guid id, UpdateOrderStatusDto model)
 {
+ if (!ModelState.IsValid)
+ {
+ // Log validation errors for debugging
+ foreach (var error in ModelState)
+ {
+ if (error.Value?.Errors.Count > 0)
+ {
+ Console.WriteLine($"Validation error for {error.Key}: {string.Join(", ", error.Value.Errors.Select(e => e.ErrorMessage))}");
+ }
+ }
+
+ // Return to details page with error
+ var order = await _orderService.GetOrderByIdAsync(id);
+ if (order == null)
+ {
+ return NotFound();
+ }
+
+ TempData["Error"] = "Failed to update order status. Please check your input.";
+ return View("Details", order);
+ }
+
 var success = await _orderService.UpdateOrderStatusAsync(id, model);
 if (!success)
 {
 return NotFound();
 }
+ TempData["Success"] = "Order status updated successfully.";
 return RedirectToAction(nameof(Details), new { id });
 }
diff --git a/LittleShop/Program.cs b/LittleShop/Program.cs
index a850ee4..27f9653 100644
--- a/LittleShop/Program.cs
+++ b/LittleShop/Program.cs
@@ -21,6 +21,13 @@ builder.Host.UseSerilog();
 builder.Services.AddControllers();
 builder.Services.AddControllersWithViews(); // Add MVC for Admin Panel
+// Configure Antiforgery
+builder.Services.AddAntiforgery(options =>
+{
+ options.HeaderName = "X-CSRF-TOKEN";
+ options.FormFieldName = "__RequestVerificationToken";
+});
+
 // Database
 if (builder.Environment.EnvironmentName == "Testing")
 {
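Review bot: The validation-failure branch in `UpdateStatus` writes ModelState keys and error messages to stdout with `Console.WriteLine`, which bypasses the Serilog pipeline that Program.cs configures. It also puts request-influenced text into an unstructured line where embedded line breaks could forge log entries, since binder error messages can echo the submitted value. Prefer a structured call on an injected logger, e.g. `_logger.LogWarning("UpdateStatus validation failed for order {OrderId}: {Field} {Errors}", id, error.Key, error.Value.Errors.Select(e => e.ErrorMessage));`, assuming the controller has or can take an `ILogger<OrdersController>` (not visible in this hunk). Separately, the failure path renders `View("Details", order)` straight from the POST while the success path redirects; redirecting in both cases would keep the flow consistent and avoid a resubmission on refresh. The method's attribute list begins above the hunk.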
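Review bot: The new `AddAntiforgery` block in Program.cs sets only the header and form-field names and leaves the antiforgery cookie at framework defaults, where the secure policy is `CookieSecurePolicy.None` unless overridden. For an admin panel I would add `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;` so the token cookie is not sent over plain HTTP. `FormFieldName` is set to what is already the default, while `HeaderName` moves from the default `RequestVerificationToken` to `X-CSRF-TOKEN`, so any existing script that posts the token under the default header name would start failing validation; the admin views' AJAX calls are worth checking. A one-line comment above the block naming the client that sends `X-CSRF-TOKEN` would explain why the override exists.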