fix fraud posibility the client sent the unit price (#702)

* fix fraud posibility the client sent the unit price, fix unit test to use the fomat as server base * fix bad coding convention * update dotnet tool ef and nuget package * Align MD with real database by default
2022-04-13 20:15:48 +02:00
parent 44534f5a8b
commit 31be1d4d74
14 changed files with 55 additions and 56 deletions
--- a/src/Web/.config/dotnet-tools.json
+++ b/src/Web/.config/dotnet-tools.json
@@ -3,7 +3,7 @@
  "isRoot": true,
  "tools": {
    "dotnet-ef": {
-      "version": "5.0.0",
+      "version": "6.0.4",
      "commands": [
        "dotnet-ef"
      ]
--- a/src/Web/Pages/Basket/BasketViewModel.cs
+++ b/src/Web/Pages/Basket/BasketViewModel.cs
@@ -1,8 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-
-namespace Microsoft.eShopWeb.Web.Pages.Basket;
+namespace Microsoft.eShopWeb.Web.Pages.Basket;

 public class BasketViewModel
 {
--- a/src/Web/Pages/Basket/Index.cshtml.cs
+++ b/src/Web/Pages/Basket/Index.cshtml.cs
@@ -1,10 +1,6 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.eShopWeb.ApplicationCore.Entities;
 using Microsoft.eShopWeb.ApplicationCore.Interfaces;
 using Microsoft.eShopWeb.Web.Interfaces;
 using Microsoft.eShopWeb.Web.ViewModels;
@@ -15,12 +11,15 @@ public class IndexModel : PageModel
 {
    private readonly IBasketService _basketService;
    private readonly IBasketViewModelService _basketViewModelService;
+    private readonly IRepository<CatalogItem> _itemRepository;

    public IndexModel(IBasketService basketService,
-        IBasketViewModelService basketViewModelService)
+        IBasketViewModelService basketViewModelService,
+        IRepository<CatalogItem> itemRepository)
    {
        _basketService = basketService;
        _basketViewModelService = basketViewModelService;
+        _itemRepository = itemRepository;
    }

    public BasketViewModel BasketModel { get; set; } = new BasketViewModel();
@@ -37,9 +36,15 @@ public class IndexModel : PageModel
            return RedirectToPage("/Index");
        }

+        var item = await _itemRepository.GetByIdAsync(productDetails.Id);
+        if (item == null)
+        {
+            return RedirectToPage("/Index");
+        }
+
        var username = GetOrSetBasketCookieAndUserName();
        var basket = await _basketService.AddItemToBasket(username,
-            productDetails.Id, productDetails.Price);
+            productDetails.Id, item.Price);

        BasketModel = await _basketViewModelService.Map(basket);

--- a/src/Web/Pages/Index.cshtml.cs
+++ b/src/Web/Pages/Index.cshtml.cs
@@ -1,5 +1,4 @@
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.AspNetCore.Mvc.RazorPages;
 using Microsoft.eShopWeb.Web.Services;
 using Microsoft.eShopWeb.Web.ViewModels;

--- a/src/Web/Web.csproj
+++ b/src/Web/Web.csproj
@@ -20,16 +20,16 @@
    <PackageReference Include="MediatR" Version="10.0.1" />
    <PackageReference Include="MediatR.Extensions.Microsoft.DependencyInjection" Version="10.0.1" />
    <PackageReference Include="BuildBundlerMinifier" Version="3.2.449" Condition="'$(Configuration)'=='Release'" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="6.0.3" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.3" />
-    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="6.0.4" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.4" />
+    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.3" />
    <PackageReference Include="Microsoft.Web.LibraryManager.Build" Version="2.1.161" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.3" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.3" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.3">
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.4" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.4" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.4">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>