Add explicit antiforgery configuration and better error handling for UpdateStatus

2025-09-24 16:49:21 +01:00 · 2025-09-24 16:49:21 +01:00 · 96125d6042
commit 96125d6042
parent 66c948e4d8
3 changed files with 32 additions and 1 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@ -29,7 +29,8 @@
      "Bash(git push:*)",
      "Bash(tasklist)",
      "Bash(findstr:*)",
-      "Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)"
+      "Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)",
+      "Bash(git commit:*)"
    ],
    "deny": [],
    "ask": []
--- a/LittleShop/Areas/Admin/Controllers/OrdersController.cs
+++ b/LittleShop/Areas/Admin/Controllers/OrdersController.cs
@ -135,12 +135,35 @@ public class OrdersController : Controller
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> UpdateStatus(Guid id, UpdateOrderStatusDto model)
    {
+        if (!ModelState.IsValid)
+        {
+            // Log validation errors for debugging
+            foreach (var error in ModelState)
+            {
+                if (error.Value?.Errors.Count > 0)
+                {
+                    Console.WriteLine($"Validation error for {error.Key}: {string.Join(", ", error.Value.Errors.Select(e => e.ErrorMessage))}");
+                }
+            }
+
+            // Return to details page with error
+            var order = await _orderService.GetOrderByIdAsync(id);
+            if (order == null)
+            {
+                return NotFound();
+            }
+
+            TempData["Error"] = "Failed to update order status. Please check your input.";
+            return View("Details", order);
+        }
+
        var success = await _orderService.UpdateOrderStatusAsync(id, model);
        if (!success)
        {
            return NotFound();
        }

+        TempData["Success"] = "Order status updated successfully.";
        return RedirectToAction(nameof(Details), new { id });
    }

--- a/LittleShop/Program.cs
+++ b/LittleShop/Program.cs
@ -21,6 +21,13 @@ builder.Host.UseSerilog();
 builder.Services.AddControllers();
 builder.Services.AddControllersWithViews(); // Add MVC for Admin Panel

+// Configure Antiforgery
+builder.Services.AddAntiforgery(options =>
+{
+    options.HeaderName = "X-CSRF-TOKEN";
+    options.FormFieldName = "__RequestVerificationToken";
+});
+
 // Database
 if (builder.Environment.EnvironmentName == "Testing")
 {