/// <summary>
/// Processes a posted login form: checks the credentials, issues a cookie-scheme
/// identity, and records a flag for every account except the seeded
/// <c>HackMeDbContextSeed.poorGuyUserName</c> user.
/// </summary>
/// <param name="request">Posted form data; <c>UserName</c> and <c>Password</c> are read.</param>
/// <returns>
/// The default view with <c>ViewBag.Message</c> set when model validation or the
/// credential check fails; a redirect to <c>/Profile</c> for the seeded user;
/// otherwise the <c>_LoginSuccessWithFlag</c> view with the new flag value as model.
/// </returns>
public async Task<IActionResult> Login(LoginRequest request)
{
    if (!ModelState.IsValid)
    {
        // Every entry that carries errors overwrites the message with its first
        // error, so the value shown is the one from the last such entry.
        foreach (var entry in ViewData.ModelState.Values)
        {
            if (entry.Errors.Count > 0)
            {
                ViewBag.Message = entry.Errors[0].ErrorMessage;
            }
        }

        return View();
    }

    var user = await _userManager.FindByNameAsync(request.UserName);

    // Unknown user and wrong password end in the same message, so the response text
    // does not reveal which one failed. The third argument (lockoutOnFailure) is
    // false: failed attempts are not counted towards account lockout here.
    if (user == null
        || !(await _signInManager.CheckPasswordSignInAsync(user, request.Password, false)).Succeeded)
    {
        ViewBag.Message = "User name or password does not match";
        return View();
    }

    // The identity is built by hand and issued on the cookie scheme; it carries only
    // the user name and the user id.
    var scheme = CookieAuthenticationDefaults.AuthenticationScheme;
    var identity = new ClaimsIdentity(
        new List<Claim>
        {
            new Claim(ClaimTypes.Name, user.UserName),
            new Claim(ClaimTypes.NameIdentifier, user.Id)
        },
        scheme);
    await HttpContext.SignInAsync(scheme, new ClaimsPrincipal(identity));

    if (user.UserName == HackMeDbContextSeed.poorGuyUserName)
    {
        return Redirect("/Profile");
    }

    // NOTE(review): Source embeds the submitted password in clear text and the row is
    // saved to FlagTracks. Presumably deliberate bookkeeping for this training app --
    // confirm; anyone with read access to that table sees working credentials.
    var flag = new FlagTrack
    {
        Source = $"login:{user.UserName} and password = {request.Password}",
        Flag = Guid.NewGuid().ToString(),
        CreatedByUserName = user.UserName,
        CreatedDate = DateTimeOffset.UtcNow
    };
    await _db.FlagTracks.AddAsync(flag);
    await _db.SaveChangesAsync();

    return View("_LoginSuccessWithFlag", flag.Flag);
}
/// <summary>
/// Places an order for the requested product inside a database transaction: debits
/// the caller's debit account, stores the order, and records a flag for it.
/// </summary>
/// <param name="request">Posted form data; only <c>ProductId</c> and <c>Note</c> are read.</param>
/// <returns>
/// The default view with <c>ViewBag.ErrorMessage</c> set when the product is missing
/// or validation fails (the model is null when the product does not exist);
/// otherwise the <c>_OrderSuccessWithFlag</c> view with the new flag value as model.
/// </returns>
public async Task<IActionResult> AddToCard(AddToCardRequest request)
{
    string flagId;

    using (var transaction = _db.Database.BeginTransaction())
    {
        var currentUserId = GetUserId();
        var currentUserName = GetUserName();

        // Name and price are re-read from the database by id, so price or name
        // values posted by the client are never used.
        var productQuery = _db.Products
            .Where(p => p.Id == request.ProductId)
            .Select(p => new AddToCardRequest
            {
                ProductId = p.Id,
                ProductName = p.Name,
                Price = p.Price
            });
        var product = await productQuery.FirstOrDefaultAsync();

        // FirstAsync throws when the user has no debit account row.
        var debitAccount = await _db.DebitAccounts.FirstAsync(p => p.UserId == currentUserId);

        // NOTE(review): the balance that is validated comes from GetMyAccountBalance(),
        // not from the debitAccount entity debited below. Whether check and debit are
        // atomic depends on that helper and on the transaction isolation level --
        // confirm that two concurrent requests cannot both pass the check.
        if (product != null)
        {
            ViewBag.ErrorMessage = product.Validate(GetMyAccountBalance());
        }
        else
        {
            ViewBag.ErrorMessage = "Requested product doesn't exist.";
        }

        if (!string.IsNullOrEmpty(ViewBag.ErrorMessage))
        {
            // Leaves the using block without Commit; nothing has been written yet.
            return View(product);
        }

        // The note is stored exactly as submitted; any escaping has to happen where
        // it is rendered.
        product.Note = request.Note;
        debitAccount.Balance -= product.Price;

        var order = new Order
        {
            ProductId = product.ProductId,
            Price = product.Price,
            UserId = currentUserId,
            CreatedDate = DateTimeOffset.UtcNow,
            Note = product.Note
        };
        await _db.Orders.AddAsync(order);

        var flag = new FlagTrack
        {
            Source = $"order:{product.ProductName} with price = {product.Price}",
            Flag = Guid.NewGuid().ToString(),
            CreatedByUserName = currentUserName,
            CreatedDate = DateTimeOffset.UtcNow
        };
        flagId = flag.Flag;
        await _db.FlagTracks.AddAsync(flag);

        // Debit, order and flag are saved together and only then committed.
        await _db.SaveChangesAsync();
        transaction.Commit();
    }

    return View("_OrderSuccessWithFlag", flagId);
}