Add explicit antiforgery configuration and better error handling for UpdateStatus

SysAdmin 2025-09-24 16:49:21 +01:00
parent 66c948e4d8
commit 96125d6042
3 changed files with 32 additions and 1 deletions


@ -29,7 +29,8 @@
"Bash(git push:*)", "Bash(git push:*)",
"Bash(tasklist)", "Bash(tasklist)",
"Bash(findstr:*)", "Bash(findstr:*)",
"Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)" "Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)",
"Bash(git commit:*)"
], ],
"deny": [], "deny": [],
"ask": [] "ask": []
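Review bot: Adding `"Bash(git commit:*)"` beside the existing `"Bash(git push:*)"` entry lets the tool this file configures both create and publish commits without a confirmation prompt, assuming this array is the allow list (its opening key is above the hunk). `"ask": []` and `"deny": []` remain empty. I would move the push pattern to the ask list, e.g. `"ask": ["Bash(git push:*)"]`, so a person confirms before anything leaves the machine. The absolute `//mnt/c/Production/...` path also suggests a per-machine settings file, which may be better kept out of version control.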


@ -135,12 +135,35 @@ public class OrdersController : Controller
[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
public async Task<IActionResult> UpdateStatus(Guid id, UpdateOrderStatusDto model) public async Task<IActionResult> UpdateStatus(Guid id, UpdateOrderStatusDto model)
{ {
if (!ModelState.IsValid)
{
// Log validation errors for debugging
foreach (var error in ModelState)
{
if (error.Value?.Errors.Count > 0)
{
Console.WriteLine($"Validation error for {error.Key}: {string.Join(", ", error.Value.Errors.Select(e => e.ErrorMessage))}");
}
}
// Return to details page with error
var order = await _orderService.GetOrderByIdAsync(id);
if (order == null)
{
return NotFound();
}
TempData["Error"] = "Failed to update order status. Please check your input.";
return View("Details", order);
}
var success = await _orderService.UpdateOrderStatusAsync(id, model); var success = await _orderService.UpdateOrderStatusAsync(id, model);
if (!success) if (!success)
{ {
return NotFound(); return NotFound();
} }
TempData["Success"] = "Order status updated successfully.";
return RedirectToAction(nameof(Details), new { id }); return RedirectToAction(nameof(Details), new { id });
} }
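Review bot: The validation-failure branch logs through `Console.WriteLine` with `error.Key` and the error messages interpolated into one string, which bypasses the Serilog pipeline the host sets up (`builder.Host.UseSerilog()`). It also lets request-derived text reach the log unescaped, since model-binding messages can echo the submitted value, line breaks included. A structured call such as `_logger.LogWarning("Validation error for {Field}: {Errors}", error.Key, errors);` keeps the values as properties and lets the sink handle escaping. The controller's constructor and fields are outside this hunk, so whether an `ILogger<OrdersController>` is already injected needs checking.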


@ -21,6 +21,13 @@ builder.Host.UseSerilog();
builder.Services.AddControllers(); builder.Services.AddControllers();
builder.Services.AddControllersWithViews(); // Add MVC for Admin Panel builder.Services.AddControllersWithViews(); // Add MVC for Admin Panel
// Configure Antiforgery
builder.Services.AddAntiforgery(options =>
{
options.HeaderName = "X-CSRF-TOKEN";
options.FormFieldName = "__RequestVerificationToken";
});
// Database // Database
if (builder.Environment.EnvironmentName == "Testing") if (builder.Environment.EnvironmentName == "Testing")
{ {
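Review bot: The new `AddAntiforgery` block sets only the token names and leaves the antiforgery cookie at its defaults. For an admin panel I would also pin the cookie policy here, e.g. `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;` and `options.Cookie.SameSite = SameSiteMode.Strict;`, assuming the site is served over HTTPS only. `options.FormFieldName = "__RequestVerificationToken"` restates the framework default and can be dropped. A one-line comment naming the client code that sends `X-CSRF-TOKEN` would explain why the header name is customised.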