aspnetcore/src/MusicStore/Controllers/CheckoutController.cs


using System.Security.Principal;
using Microsoft.AspNet.Mvc;
using MusicStore.Models;
using System;
using System.Linq;
using System.Threading.Tasks;
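namespace MusicStore.Controllers
{
    //Bug: Missing auth filter
    //[Authorize]
    /// <summary>
    /// Checkout flow: shows the address/payment form, creates the order and
    /// displays the order-complete confirmation.
    /// </summary>
    /// <remarks>
    /// SECURITY: the class-level authorization filter above is still commented out,
    /// so every action here is reachable by callers who are not signed in. Until it
    /// is restored, the actions that create or look up an order reject requests
    /// that carry no user name.
    /// </remarks>
    public class CheckoutController : Controller
    {
        private readonly MusicStoreContext db = new MusicStoreContext();

        // Hard-coded code compared against the posted "PromoCode" field. In the
        // visible code it is the only condition that gates order creation.
        const string PromoCode = "FREE";

        //
        // GET: /Checkout/
        /// <summary>Renders the empty address and payment form.</summary>
        public IActionResult AddressAndPayment()
        {
            return View();
        }

        //
        // POST: /Checkout/AddressAndPayment
        //Bug: Using direct model binding until we have TryUpdateModel available.
        //     (the intended signature took the raw form collection instead of an Order)
        /// <summary>
        /// Creates an order for the signed-in user when the posted promo code matches.
        /// </summary>
        /// <param name="order">
        /// Order populated by model binding from the request. Every property is
        /// client-controlled until it is overwritten below.
        /// </param>
        /// <returns>
        /// A redirect to <c>Complete</c> on success; the form view when the promo code
        /// does not match or any exception occurs; the "Error" view when the caller
        /// has no user name.
        /// </returns>
        [HttpPost]
        public async Task<IActionResult> AddressAndPayment(Order order)
        {
            // NOTE(review): no anti-forgery validation is visible on this action.
            var formCollection = await Context.Request.GetFormAsync();

            try
            {
                // Read the field defensively instead of relying on the catch block to
                // absorb a null dereference when "PromoCode" is absent from the form.
                var promoValues = formCollection.GetValues("PromoCode");
                var submittedCode = promoValues == null ? null : promoValues.FirstOrDefault();

                if (!string.Equals(submittedCode, PromoCode, StringComparison.OrdinalIgnoreCase))
                {
                    return View(order);
                }

                // Stand-in for the disabled [Authorize] filter: never persist an order
                // that has no owner, since Complete() authorizes by Username equality.
                var userName = this.Context.User.Identity.GetUserName();
                if (string.IsNullOrEmpty(userName))
                {
                    return View("Error");
                }

                // TODO [EF] Swap to store generated identity key when supported
                // Max+1 is computed in separate queries before SaveChanges, so two
                // concurrent checkouts can pick the same id.
                var nextId = db.Orders.Any()
                    ? db.Orders.Max(o => o.OrderId) + 1
                    : 1;

                // Overwrite the server-owned fields of the bound model. Only these three
                // are reset here; any other bound property keeps the posted value unless
                // CreateOrder replaces it.
                // NOTE(review): confirm CreateOrder recomputes totals server-side.
                order.OrderId = nextId;
                order.Username = userName;
                order.OrderDate = DateTime.Now;

                //Add the Order
                db.Orders.Add(order);

                //Process the order
                var cart = ShoppingCart.GetCart(db, this.Context);
                cart.CreateOrder(order);

                // Save all changes
                db.SaveChanges();

                return RedirectToAction("Complete",
                    new { id = order.OrderId });
            }
            catch
            {
                //Invalid - redisplay with errors
                // Catches every exception type, including failures from SaveChanges, and
                // records nothing about the cause.
                return View(order);
            }
        }

        //
        // GET: /Checkout/Complete
        /// <summary>
        /// Shows the confirmation for an order, but only to the user who placed it.
        /// </summary>
        /// <param name="id">Order id taken from the request.</param>
        /// <returns>The confirmation view, or the "Error" view when the check fails.</returns>
        public IActionResult Complete(int id)
        {
            // Without a user name the ownership comparison below would match orders
            // whose Username is also null or empty, so refuse before querying.
            var userName = this.Context.User.Identity.GetUserName();
            if (string.IsNullOrEmpty(userName))
            {
                return View("Error");
            }

            // Validate customer owns this order
            bool isValid = db.Orders.Any(
                o => o.OrderId == id &&
                     o.Username == userName);

            if (isValid)
            {
                return View(id);
            }
            else
            {
                return View("Error");
            }
        }
    }
}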