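/// <summary>
/// Creates a phone from the posted request and answers 201 Created with its location.
/// </summary>
/// <param name="createRequest">Bound request body; null when the client sent no (or an unreadable) body.</param>
/// <returns>
/// 400 with the model-state errors when validation fails or the body is missing,
/// otherwise 201 carrying the created <c>StorePhone</c> and a Location header.
/// </returns>
public async Task<IHttpActionResult> AddPhone([FromBody] UpdatePhoneRequest createRequest)
{
    // A missing body binds as null and would otherwise reach the service as a null argument
    // (ModelState alone does not flag an absent body).
    if (createRequest is null)
    {
        return BadRequest("Request body is required.");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // _phoneService is a field of the enclosing controller, which starts outside this view.
    var phone = await _phoneService.CreatePhoneAsync(createRequest);

    // The original wrapped an already-interpolated string in string.Format, which re-parses
    // the rendered text as a format template: any '{' or '}' in the id would throw
    // FormatException. Plain interpolation produces the same text without that re-parse.
    var location = $"/api/phones/{phone.Id}";
    return Created<StorePhone>(location, phone);
}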
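/// <summary>
/// Creates a phone owned by the authenticated customer, enforcing the per-customer limit.
/// </summary>
/// <param name="requestDto">Bound request body describing the phone to create.</param>
/// <returns>
/// 401 when the principal carries no usable NameIdentifier claim; 400 with formatted
/// model errors when validation fails or the customer already owns the maximum number
/// of phones; otherwise 200 with the mapped <c>PhoneDto</c>.
/// </returns>
public async Task<IActionResult> CreatePhoneAsync([FromBody] CreatePhoneDto requestDto)
{
    // Per-customer limit; the user-facing error text below keeps the original wording.
    const int MaxPhonesPerCustomer = 3;

    // The owner is taken from the authenticated principal, never from the request body,
    // so a caller cannot attach a phone to another customer's account.
    var userIdClaim = User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (!int.TryParse(userIdClaim, out var userId))
    {
        // The original called int.Parse here, which turned a missing or malformed claim into
        // an unhandled exception (500). A principal without a usable id is an auth failure.
        _logger.LogWarning("NameIdentifier claim missing or not an integer; rejecting phone creation");
        return Unauthorized();
    }

    // Message templates (not interpolated strings) so values stay structured in the log sink.
    _logger.LogInformation("User trying to create new phone");
    var userPhonesCount = await _phones.GetPhonesCountAsync(userId);

    var entity = _mapper.Map<Phone>(requestDto);
    entity.CustomerId = userId;
    //TODO: Sanitize entities for avoid OWASP Top 10 A7:2017-Cross-Site Scripting (XSS)
    // NOTE(review): the primary XSS control is encoding at output (the JSON serializer and
    // any view that renders these fields); input sanitization here is only a secondary layer.

    _logger.LogInformation("Validating new phone");
    // TryValidateModel is only run when binding itself produced no errors, as in the original.
    if (ModelState.IsValid)
    {
        TryValidateModel(entity);
    }

    // Recording the limit breach as a model error makes ModelState invalid, so the single
    // check below covers both validation failures and the quota.
    if (userPhonesCount >= MaxPhonesPerCustomer)
    {
        ModelState.AddModelError("general", $"Maximum {MaxPhonesPerCustomer} phone numbers per customer");
    }

    if (!ModelState.IsValid)
    {
        var errors = ModelState.FormatModelErrors();
        // The original passed `errors` to a template with no placeholder, so it was never
        // rendered; a named placeholder keeps it in the log entry.
        _logger.LogWarning("New phone did not pass entity validation: {Errors}", errors);
        return BadRequest(errors);
    }

    entity = await _phones.CreatePhoneAsync(entity);
    _logger.LogInformation("User added new phone with identificator {PhoneId}", entity.Id);

    var result = _mapper.Map<PhoneDto>(entity);
    return Ok(result);
}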