fix fraud posibility the client sent the unit price (#702)
* fix fraud posibility the client sent the unit price, fix unit test to use the fomat as server base * fix bad coding convention * update dotnet tool ef and nuget package * Align MD with real database by default
This commit is contained in:
Cédric Michel
GitHub
@@ -43,13 +43,14 @@ The goal for this sample is to demonstrate some of the principles and patterns d
|
||||
|
||||
## Running the sample
|
||||
|
||||
After cloning or downloading the sample you should be able to run it using an In Memory database immediately. The store's home page should look like this:
|
||||
The store's home page should look like this:
|
||||
|
||||
|
||||
|
||||
Most of the site's functionality works with just the web application running. However, the site's Admin page relies on Blazor WebAssembly running in the browser, and it must communicate with the server using the site's PublicApi web application. You'll need to also run this project. You can configure Visual Studio to start multiple projects, or just go to the PublicApi folder in a terminal window and run `dotnet run` from there. After that from the Web folder you should run `dotnet run --launch-profile Web`. Now you should be able to browse to `https://localhost:5001/`. Note that if you use this approach, you'll need to stop the application manually in order to build the solution (otherwise you'll get file locking errors).
|
||||
|
||||
If you wish to use the sample with a persistent database, you will need to run its Entity Framework Core migrations before you will be able to run the app, and update the `ConfigureServices` method in `Startup.cs` (see below).
|
||||
After cloning or downloading the sample you must setup your database.
|
||||
To use the sample with a persistent database, you will need to run its Entity Framework Core migrations before you will be able to run the app.
|
||||
|
||||
You can also run the samples in Docker (see below).
|
||||
|
||||
@@ -68,7 +69,7 @@ You can also run the samples in Docker (see below).
|
||||
1. Ensure the tool EF was already installed. You can find some help [here](https://docs.microsoft.com/ef/core/miscellaneous/cli/dotnet)
|
||||
|
||||
```
|
||||
dotnet tool install --global dotnet-ef
|
||||
dotnet tool update --global dotnet-ef
|
||||
```
|
||||
|
||||
1. Open a command prompt in the Web folder and execute the following commands:
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
<PackageReference Include="Ardalis.Specification" Version="6.0.1" />
|
||||
<PackageReference Include="MediatR" Version="10.0.1" />
|
||||
<PackageReference Include="System.Security.Claims" Version="4.3.0" />
|
||||
<PackageReference Include="System.Text.Json" Version="6.0.2" />
|
||||
<PackageReference Include="System.Text.Json" Version="6.0.3" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
||||
@@ -7,11 +7,11 @@
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Blazored.LocalStorage" Version="4.2.0" />
|
||||
<PackageReference Include="BlazorInputFile" Version="0.2.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="6.0.3" PrivateAssets="all" />
|
||||
<PackageReference Include="Microsoft.Extensions.Identity.Core" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="6.0.4" PrivateAssets="all" />
|
||||
<PackageReference Include="Microsoft.Extensions.Identity.Core" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.Extensions.Logging.Configuration" Version="6.0.0" />
|
||||
<PackageReference Include="System.Net.Http.Json" Version="6.0.0" />
|
||||
</ItemGroup>
|
||||
|
||||
@@ -7,9 +7,9 @@
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Ardalis.Specification.EntityFrameworkCore" Version="6.0.1" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.4" />
|
||||
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.17.0" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
|
||||
@@ -17,18 +17,18 @@
|
||||
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.3.0" />
|
||||
<PackageReference Include="Swashbuckle.AspNetCore.SwaggerUI" Version="6.3.0" />
|
||||
<PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.3.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.3">
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.4">
|
||||
<PrivateAssets>all</PrivateAssets>
|
||||
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
|
||||
</PackageReference>
|
||||
<PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.15.0" />
|
||||
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.2" />
|
||||
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.3" />
|
||||
|
||||
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.17.0" />
|
||||
</ItemGroup>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"isRoot": true,
|
||||
"tools": {
|
||||
"dotnet-ef": {
|
||||
"version": "5.0.0",
|
||||
"version": "6.0.4",
|
||||
"commands": [
|
||||
"dotnet-ef"
|
||||
]
|
||||
|
||||
@@ -1,8 +1,4 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
|
||||
namespace Microsoft.eShopWeb.Web.Pages.Basket;
|
||||
namespace Microsoft.eShopWeb.Web.Pages.Basket;
|
||||
|
||||
public class BasketViewModel
|
||||
{
|
||||
|
||||
@@ -1,10 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc.RazorPages;
|
||||
using Microsoft.eShopWeb.ApplicationCore.Entities;
|
||||
using Microsoft.eShopWeb.ApplicationCore.Interfaces;
|
||||
using Microsoft.eShopWeb.Web.Interfaces;
|
||||
using Microsoft.eShopWeb.Web.ViewModels;
|
||||
@@ -15,12 +11,15 @@ public class IndexModel : PageModel
|
||||
{
|
||||
private readonly IBasketService _basketService;
|
||||
private readonly IBasketViewModelService _basketViewModelService;
|
||||
private readonly IRepository<CatalogItem> _itemRepository;
|
||||
|
||||
public IndexModel(IBasketService basketService,
|
||||
IBasketViewModelService basketViewModelService)
|
||||
IBasketViewModelService basketViewModelService,
|
||||
IRepository<CatalogItem> itemRepository)
|
||||
{
|
||||
_basketService = basketService;
|
||||
_basketViewModelService = basketViewModelService;
|
||||
_itemRepository = itemRepository;
|
||||
}
|
||||
|
||||
public BasketViewModel BasketModel { get; set; } = new BasketViewModel();
|
||||
@@ -37,9 +36,15 @@ public class IndexModel : PageModel
|
||||
return RedirectToPage("/Index");
|
||||
}
|
||||
|
||||
var item = await _itemRepository.GetByIdAsync(productDetails.Id);
|
||||
if (item == null)
|
||||
{
|
||||
return RedirectToPage("/Index");
|
||||
}
|
||||
|
||||
var username = GetOrSetBasketCookieAndUserName();
|
||||
var basket = await _basketService.AddItemToBasket(username,
|
||||
productDetails.Id, productDetails.Price);
|
||||
productDetails.Id, item.Price);
|
||||
|
||||
BasketModel = await _basketViewModelService.Map(basket);
|
||||
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Mvc.RazorPages;
|
||||
using Microsoft.AspNetCore.Mvc.RazorPages;
|
||||
using Microsoft.eShopWeb.Web.Services;
|
||||
using Microsoft.eShopWeb.Web.ViewModels;
|
||||
|
||||
|
||||
@@ -20,16 +20,16 @@
|
||||
<PackageReference Include="MediatR" Version="10.0.1" />
|
||||
<PackageReference Include="MediatR.Extensions.Microsoft.DependencyInjection" Version="10.0.1" />
|
||||
<PackageReference Include="BuildBundlerMinifier" Version="3.2.449" Condition="'$(Configuration)'=='Release'" PrivateAssets="All" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.2" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.Web.LibraryManager.Build" Version="2.1.161" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.3">
|
||||
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.4">
|
||||
<PrivateAssets>all</PrivateAssets>
|
||||
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
|
||||
</PackageReference>
|
||||
|
||||
@@ -15,14 +15,14 @@
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0" />
|
||||
<PackageReference Include="xunit" Version="2.4.1" />
|
||||
<PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
|
||||
<PrivateAssets>all</PrivateAssets>
|
||||
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
|
||||
</PackageReference>
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.4" />
|
||||
<DotNetCliToolReference Include="dotnet-xunit" Version="2.3.1" />
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
@@ -32,7 +32,6 @@ public class IndexTest : IClassFixture<TestApplication>
|
||||
{
|
||||
new KeyValuePair<string, string>("id", "2"),
|
||||
new KeyValuePair<string, string>("name", "shirt"),
|
||||
new KeyValuePair<string, string>("price", "19.49"),
|
||||
new KeyValuePair<string, string>("__RequestVerificationToken", token)
|
||||
};
|
||||
var formContent = new FormUrlEncodedContent(keyValues);
|
||||
@@ -45,7 +44,7 @@ public class IndexTest : IClassFixture<TestApplication>
|
||||
var updateKeyValues = new List<KeyValuePair<string, string>>
|
||||
{
|
||||
new KeyValuePair<string, string>("Items[0].Id", WebPageHelpers.GetId(stringResponse)),
|
||||
new KeyValuePair<string, string>("Items[0].Quantity", "50"),
|
||||
new KeyValuePair<string, string>("Items[0].Quantity", "49"),
|
||||
new KeyValuePair<string, string>(WebPageHelpers.TokenTag, WebPageHelpers.GetRequestVerificationToken(stringResponse))
|
||||
};
|
||||
var updateContent = new FormUrlEncodedContent(updateKeyValues);
|
||||
@@ -54,7 +53,8 @@ public class IndexTest : IClassFixture<TestApplication>
|
||||
var stringUpdateResponse = await updateResponse.Content.ReadAsStringAsync();
|
||||
|
||||
Assert.Contains("/basket/update", updateResponse.RequestMessage.RequestUri.ToString());
|
||||
Assert.Contains("974.50", stringUpdateResponse);
|
||||
decimal expectedTotalAmount = 416.50M;
|
||||
Assert.Contains(expectedTotalAmount.ToString("N2"), stringUpdateResponse);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
@@ -72,7 +72,6 @@ public class IndexTest : IClassFixture<TestApplication>
|
||||
{
|
||||
new KeyValuePair<string, string>("id", "2"),
|
||||
new KeyValuePair<string, string>("name", "shirt"),
|
||||
new KeyValuePair<string, string>("price", "19.49"),
|
||||
new KeyValuePair<string, string>("__RequestVerificationToken", token)
|
||||
};
|
||||
var formContent = new FormUrlEncodedContent(keyValues);
|
||||
@@ -95,6 +94,5 @@ public class IndexTest : IClassFixture<TestApplication>
|
||||
|
||||
Assert.Contains("/basket/update", updateResponse.RequestMessage.RequestUri.ToString());
|
||||
Assert.Contains("Basket is empty", stringUpdateResponse);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0" />
|
||||
<PackageReference Include="Moq" Version="4.17.2" />
|
||||
<PackageReference Include="xunit" Version="2.4.1" />
|
||||
|
||||
@@ -20,10 +20,10 @@
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="6.0.3" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="6.0.4" />
|
||||
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0" />
|
||||
<PackageReference Include="MSTest.TestAdapter" Version="2.2.8" />
|
||||
<PackageReference Include="MSTest.TestFramework" Version="2.2.8" />
|
||||
<PackageReference Include="MSTest.TestAdapter" Version="2.2.9" />
|
||||
<PackageReference Include="MSTest.TestFramework" Version="2.2.9" />
|
||||
<PackageReference Include="coverlet.collector" Version="3.1.2" />
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user