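        /// <summary>
        /// Creates a phone record for the person named in the request body and writes an audit
        /// log entry attributed to the calling user's e-mail claim.
        /// </summary>
        /// <param name="number">Request body: the phone number, its display name and the PersonID it belongs to.</param>
        /// <returns>
        /// 200 with the created phone; 400 when the body is missing or the number already exists;
        /// 401 when the caller has no e-mail claim to attribute the audit entry to; 404 when the PersonID is unknown.
        /// </returns>
        public async Task <ActionResult <Phone> > CreatePhone([FromBody] CreatePhoneDto number)
        {
            if (number is null)
            {
                return BadRequest("Request body is required");
            }

            // Establish WHO is acting before anything is persisted. The audit entry at the end
            // needs the caller's e-mail; dereferencing a missing claim after the insert (as the
            // original did) would leave a phone on record with no audit trail and return a 500.
            var userEmail = User.FindFirst(System.Security.Claims.ClaimTypes.Email)?.Value;
            if (string.IsNullOrEmpty(userEmail))
            {
                return Unauthorized();
            }

            var exist = await _phone.PhoneExist(number.Number);
            if (exist)
            {
                return BadRequest("Phone already on the database");
            }

            // Resolve the person first so an unknown PersonID fails before the phone row is
            // created (the original created the phone, then dereferenced a possibly-null person).
            // NOTE(review): PersonID is client-supplied and nothing in this method checks that the
            // caller is allowed to attach a phone to that person. Confirm that is enforced upstream
            // (policy/filter) or add an ownership check here; otherwise any authenticated user can
            // target any PersonID.
            var person = await _person.FindPerson(number.PersonID);
            if (person is null)
            {
                return NotFound("Person not found");
            }

            var phoneToReturn = await _phone.CreatePhone(number.PersonID, number.Number, number.Name);

            // Audit: actor e-mail, the number created, and the owner's name.
            await _log.Create(userEmail, number.Number, "", $"PHONE Created - {person.Name} ");

            return Ok(phoneToReturn);
        }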
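        /// <summary>
        /// Creates a phone for the authenticated customer. Ownership is always taken from the
        /// caller's identity claim, never from the request body, and each customer is limited
        /// to a fixed number of phones.
        /// </summary>
        /// <param name="requestDto">Request body describing the phone to create.</param>
        /// <returns>
        /// 200 with the created phone DTO; 400 with formatted model errors when validation fails
        /// or the per-customer limit is reached; 401 when the caller has no usable identifier claim.
        /// </returns>
        public async Task <IActionResult> CreatePhoneAsync([FromBody] CreatePhoneDto requestDto)
        {
            const int MaxPhonesPerCustomer = 3;

            // A missing or non-numeric NameIdentifier claim used to throw out of int.Parse and
            // surface as a 500; an unidentifiable caller is an unauthenticated request instead.
            var subject = this.User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (!int.TryParse(subject,
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out var userId))
            {
                _logger.LogWarning("Create phone rejected: missing or malformed user identifier claim");
                return Unauthorized();
            }

            _logger.LogInformation("User {UserId} trying to create new phone", userId);

            if (requestDto is null)
            {
                ModelState.AddModelError("general", "Request body is required");
                return BadRequest(ModelState.FormatModelErrors());
            }

            // NOTE(review): count-then-insert is not atomic; two concurrent requests from the same
            // customer can both pass the limit check below. If the limit must be strict, enforce it
            // in the repository/database as well (transaction or constraint).
            var userPhonesCount = await _phones.GetPhonesCountAsync(userId);

            var entity = _mapper.Map <Phone>(requestDto);

            // The owner is the caller from the token, so a client cannot attach phones to another customer.
            entity.CustomerId = userId;

            //TODO: Sanitize entities for avoid OWASP Top 10 A7:2017-Cross-Site Scripting (XSS)
            // NOTE(review): the usual XSS mitigation is output encoding where this data is rendered,
            // not mutating stored input; confirm the rendering path before adding input "sanitizing" here.
            _logger.LogInformation("Validating new phone");

            if (ModelState.IsValid)
            {
                // Validate the mapped entity too: DTO-level attributes may not cover entity rules.
                TryValidateModel(entity);
            }

            if (userPhonesCount >= MaxPhonesPerCustomer)
            {
                ModelState.AddModelError("general", "Maximum 3 phone numbers per customer");
            }

            if (!ModelState.IsValid)
            {
                var errors = ModelState.FormatModelErrors();
                // Message template with a named placeholder: the original passed `errors` as an
                // argument to an interpolated string with no placeholder, so it was never logged.
                _logger.LogWarning("New phone did not pass entity validation: {ValidationErrors}", errors);
                return BadRequest(errors);
            }

            entity = await _phones.CreatePhoneAsync(entity);

            _logger.LogInformation("User {UserId} added new phone with identificator {PhoneId}", userId, entity.Id);

            var result = _mapper.Map <PhoneDto>(entity);

            return Ok(result);
        }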