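using System;
using System.Linq;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Authorization;
using Microsoft.Data.Entity;
using MusicStore.Models;

namespace MusicStore.Controllers
{
    /// <summary>
    /// Handles the checkout flow: collecting address/payment details, creating the
    /// order from the current shopping cart, and showing the confirmation page.
    /// </summary>
    /// <remarks>
    /// The class-level <c>[Authorize]</c> attribute applies to every action here,
    /// so each request must carry an authenticated principal.
    /// </remarks>
    [Authorize]
    public class CheckoutController : Controller
    {
        // The promo code is the only gate before an order is created in this
        // controller; it is a shared constant in source, not a secret.
        private const string PromoCode = "FREE";

        /// <summary>Database context, supplied by the framework's service injection.</summary>
        [FromServices]
        public MusicStoreContext DbContext { get; set; }

        //
        // GET: /Checkout/

        /// <summary>Renders the empty address-and-payment form.</summary>
        public IActionResult AddressAndPayment()
        {
            return View();
        }

        //
        // POST: /Checkout/AddressAndPayment

        /// <summary>
        /// Validates the posted order, checks the promo code, and on success stores
        /// the order built from the caller's shopping cart.
        /// </summary>
        /// <param name="order">Order bound from the posted form fields.</param>
        /// <param name="requestAborted">Token passed to the final save so it can be cancelled.</param>
        /// <returns>
        /// A redirect to <c>Complete</c> on success; otherwise the form view is
        /// redisplayed with the posted order.
        /// </returns>
        [HttpPost]
        [ValidateAntiForgeryToken] // rejects cross-site posts that lack the anti-forgery token
        public async Task<IActionResult> AddressAndPayment([FromForm] Order order, CancellationToken requestAborted)
        {
            // NOTE(review): the whole Order entity is bound from the form, so any
            // bindable property can be supplied by the client. Username and
            // OrderDate are overwritten below; confirm that the model excludes the
            // remaining server-owned fields from binding.
            if (!ModelState.IsValid)
            {
                return View(order);
            }

            var formCollection = await Context.Request.ReadFormAsync();

            try
            {
                var suppliedCode = formCollection["PromoCode"].FirstOrDefault();
                if (!string.Equals(suppliedCode, PromoCode, StringComparison.OrdinalIgnoreCase))
                {
                    // Wrong or missing promo code: redisplay the form, create nothing.
                    return View(order);
                }

                // Ownership comes from the authenticated principal, never from the
                // posted form, so a client cannot file an order under another name.
                order.Username = Context.User.GetUserName();

                // NOTE(review): local server time; DateTime.UtcNow would be
                // unambiguous across hosts. Left unchanged to keep stored values
                // comparable with existing rows.
                order.OrderDate = DateTime.Now;

                // Add the order.
                DbContext.Orders.Add(order);

                // Process the order from the caller's cart.
                var cart = ShoppingCart.GetCart(DbContext, Context);
                await cart.CreateOrder(order);

                // Save all changes.
                await DbContext.SaveChangesAsync(requestAborted);

                return RedirectToAction("Complete", new { id = order.OrderId });
            }
            catch
            {
                // Invalid - redisplay the form.
                // NOTE(review): this catches every exception, including cancellation
                // and database failures, and discards it without logging or adding a
                // model error. A failed checkout therefore leaves no trace for
                // operators; record the exception once a logger is available.
                return View(order);
            }
        }

        //
        // GET: /Checkout/Complete

        /// <summary>
        /// Shows the confirmation page for an order, but only to the user who placed it.
        /// </summary>
        /// <param name="id">Identifier of the order to confirm.</param>
        /// <returns>The confirmation view, or the <c>Error</c> view when the order is not the caller's.</returns>
        public async Task<IActionResult> Complete(int id)
        {
            // Resolve the caller once, outside the query expression.
            var currentUser = Context.User.GetUserName();

            // The order id arrives from the request and is guessable, so the lookup
            // is constrained to the caller's own orders. Without the Username
            // predicate any signed-in user could confirm someone else's order id.
            bool ownsOrder = await DbContext.Orders.AnyAsync(
                o => o.OrderId == id && o.Username == currentUser);

            // The same Error view covers "not found" and "not yours", so the
            // response does not reveal whether another user's order id exists.
            return ownsOrder ? View(id) : View("Error");
        }
    }
}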