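/// <summary>
/// Creates a phone entry for the person referenced by <paramref name="number"/> and writes an audit log line.
/// </summary>
/// <param name="number">Request body: the owning person's id, the number itself and a display name.</param>
/// <returns>
/// 200 with the created <see cref="Phone"/>; 400 when the body is missing, when the number is already
/// stored, or when the referenced person cannot be found.
/// </returns>
public async Task<ActionResult<Phone>> CreatePhone([FromBody] CreatePhoneDto number)
{
    if (number is null)
    {
        return BadRequest("Request body is required");
    }

    var exist = await _phone.PhoneExist(number.Number);
    if (exist)
    {
        return BadRequest("Phone already on the database");
    }

    // Resolve the owner before inserting: a PersonID that matches nobody previously produced a
    // NullReferenceException on person.Name below, after the phone row had already been created.
    var person = await _person.FindPerson(number.PersonID);
    if (person is null)
    {
        return BadRequest("Person not found");
    }

    var phoneToReturn = await _phone.CreatePhone(number.PersonID, number.Number, number.Name);

    // Identify the acting user for the audit trail. The email claim is not guaranteed to be present
    // (it depends on the authentication scheme), so fall back to a marker instead of dereferencing null.
    var userEmail = User.FindFirst(System.Security.Claims.ClaimTypes.Email)?.Value ?? "<unknown>";

    // NOTE(review): person.Name is user-supplied text written into the audit message — confirm the
    // log sink stores it as a field or escapes newlines so one entry cannot masquerade as several.
    await _log.Create(userEmail, number.Number, "", $"PHONE Created - {person.Name} ");

    return Ok(phoneToReturn);
}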
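/// <summary>
/// Creates a phone for the authenticated customer from <paramref name="requestDto"/>.
/// </summary>
/// <param name="requestDto">Request body describing the phone. The owner is always the caller, never a body field.</param>
/// <returns>
/// 200 with the created <see cref="PhoneDto"/>; 400 with the formatted model errors when the body is missing,
/// the mapped entity fails validation, or the caller already owns the maximum number of phones;
/// 401 when the caller's identity claim is missing or is not a numeric id.
/// </returns>
public async Task<IActionResult> CreatePhoneAsync([FromBody] CreatePhoneDto requestDto)
{
    const int MaxPhonesPerCustomer = 3;

    // The owner id comes from the authenticated principal only. A missing or malformed claim used to
    // escape as an unhandled exception from int.Parse; treat it as an authentication failure instead.
    if (!int.TryParse(this.User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId))
    {
        _logger.LogWarning("Phone creation rejected: caller has no numeric {ClaimType} claim", ClaimTypes.NameIdentifier);
        return Unauthorized();
    }

    if (requestDto is null)
    {
        return BadRequest("Request body is required");
    }

    _logger.LogInformation("User {UserId} trying to create new phone", userId);
    var userPhonesCount = await _phones.GetPhonesCountAsync(userId);

    var entity = _mapper.Map<Phone>(requestDto);
    // Pin ownership to the caller so the request body cannot assign the phone to another customer.
    entity.CustomerId = userId;
    //TODO: Sanitize entities for avoid OWASP Top 10 A7:2017-Cross-Site Scripting (XSS)

    _logger.LogInformation("Validating new phone");
    if (ModelState.IsValid)
    {
        // Validate the mapped entity as well as the DTO so entity-level attributes are honoured.
        TryValidateModel(entity);
    }

    // NOTE(review): the count is read before the insert, so two concurrent requests can both pass
    // this check — confirm whether the repository or database enforces the limit as well.
    if (userPhonesCount >= MaxPhonesPerCustomer)
    {
        ModelState.AddModelError("general", $"Maximum {MaxPhonesPerCustomer} phone numbers per customer");
    }

    if (!ModelState.IsValid)
    {
        var errors = ModelState.FormatModelErrors();
        // Message template with a named placeholder: the previous interpolated string had none,
        // so the errors argument was never rendered into the log message.
        _logger.LogWarning("New phone did not pass entity validation: {Errors}", errors);
        return BadRequest(errors);
    }

    entity = await _phones.CreatePhoneAsync(entity);
    _logger.LogInformation("User {UserId} added new phone with identificator {PhoneId}", userId, entity.Id);

    var result = _mapper.Map<PhoneDto>(entity);
    return Ok(result);
}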