Beispiel #1
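        /// <summary>
        /// Builds a buyer cookie of the form <c>payload.hash</c>, where the payload is the
        /// base64url encoding of the token fields joined with '/' and the hash is whatever
        /// <c>GenerateCookieHash</c> returns for those bytes and <paramref name="secret"/>.
        /// </summary>
        /// <param name="token">Session values to embed in the cookie.</param>
        /// <param name="secret">Secret handed to <c>GenerateCookieHash</c>; it must stay server-side.</param>
        /// <returns>The encoded payload and its hash, separated by a dot.</returns>
        /// <exception cref="ArgumentException">A text field of <paramref name="token"/> contains '/'.</exception>
        public static string GenerateBuyerCookie(BuyerToken token, string secret)
        {
            // The fields are joined with '/' and never escaped, so a '/' inside a value
            // (for example a user-chosen name) would shift every following field when the
            // cookie is split again. The hash would still verify, because it covers the
            // shifted bytes, so the only safe place to stop this is before signing.
            string[] textFields =
            {
                token.Username,
                token.UserID,
                token.clientID,
                token.PunchoutName,
                token.CurrentOrderID,
                token.BuyerID
            };

            foreach (var field in textFields)
            {
                if (field != null && field.IndexOf('/') >= 0)
                {
                    throw new ArgumentException("buyer token values must not contain '/'", nameof(token));
                }
            }

            // A separator keeps the string as short as possible. These values may have to be
            // stored in a database if the vendor system cannot handle longer buyer cookie
            // values. The token could also be worked into the punchoutordermessage url, but
            // some systems may require that url to be static.
            // NOTE(review): dateSigned is formatted with the current culture here and parsed
            // with the current culture on validation; both ends must run under the same
            // culture, or both must be switched to the invariant culture together.
            var sessionValues = Encoding.UTF8.GetBytes($"{token.Username}/{token.UserID}/{token.clientID}/{token.PunchoutName}/{token.CurrentOrderID}/{token.BuyerID}/{token.dateSigned}/");

            return($"{Base64UrlEncoder.Encode(sessionValues)}.{GenerateCookieHash(sessionValues, secret)}");
        }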
Beispiel #2
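        /// <summary>
        /// Checks a buyer cookie of the form <c>payload.hash</c> and returns the token it carries.
        /// The hash is recomputed with <c>GenerateCookieHash</c> and compared before any field
        /// of the payload is used; the token is then rejected if it was signed more than
        /// eight hours ago according to <c>TimeInHours</c>.
        /// </summary>
        /// <param name="cookie">Cookie value received from the client; treated as untrusted.</param>
        /// <param name="secret">Secret handed to <c>GenerateCookieHash</c>.</param>
        /// <returns>The token decoded from the cookie payload.</returns>
        /// <exception cref="Exception">
        /// The cookie is missing, is not exactly two dot-separated parts, fails the hash check,
        /// does not hold the expected number of fields, or has expired.
        /// </exception>
        public static BuyerToken ValidateBuyerCookie(string cookie, string secret)
        {
            // Split once and insist on exactly "payload.hash": a missing dot used to surface
            // as an index error, and trailing extra parts were silently ignored.
            var cookieParts = cookie?.Split('.');
            if (cookieParts == null || cookieParts.Length != 2)
            {
                throw new Exception("this is not a valid buyer cookie");
            }

            // NOTE(review): a payload that is not valid base64url fails inside DecodeBytes
            // with whatever exception that helper throws, not with the message used here.
            var sessionValues  = Base64UrlEncoder.DecodeBytes(cookieParts[0]);
            var hashFromCookie = cookieParts[1];

            // Compare without an early exit so the response time does not reveal how many
            // leading characters of a guessed hash were correct.
            if (!BuyerCookieHashesMatch(GenerateCookieHash(sessionValues, secret), hashFromCookie))
            {
                throw new Exception("this is not a valid buyer cookie");
            }

            var sessionValueStrings = Encoding.UTF8.GetString(sessionValues).Split('/');

            // Seven values, each followed by '/', split into eight entries (the last one
            // empty). Any other count means a value contained the separator and the fields
            // below would be read from the wrong positions.
            if (sessionValueStrings.Length != 8)
            {
                throw new Exception("this is not a valid buyer cookie");
            }

            var buyerToken = new BuyerToken
            {
                Username       = sessionValueStrings[0],
                UserID         = sessionValueStrings[1],
                clientID       = sessionValueStrings[2],
                PunchoutName   = sessionValueStrings[3],
                CurrentOrderID = sessionValueStrings[4],
                BuyerID        = sessionValueStrings[5],
                // NOTE(review): parsed with the current culture, matching how the value is
                // formatted when the cookie is generated; change both sides together.
                dateSigned     = Convert.ToDouble(sessionValueStrings[6])
            };

            if (TimeInHours() - buyerToken.dateSigned > 8)             //or whatever time makes sense
            {
                throw new Exception("buyer cookie has expiried");
            }

            return(buyerToken);
        }

        // Ordinal string equality that always walks the full length of both hashes.
        private static bool BuyerCookieHashesMatch(string expected, string supplied)
        {
            // The length of a hash is not secret, so bailing out on a length mismatch is fine.
            if (expected == null || supplied == null || expected.Length != supplied.Length)
            {
                return false;
            }

            var difference = 0;
            for (var i = 0; i < expected.Length; i++)
            {
                difference |= expected[i] ^ supplied[i];
            }

            return difference == 0;
        }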
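        /// <summary>
        /// Maps one item element of the incoming order message onto an
        /// <c>OrderCloudLineItem</c> and creates it on the buyer's current order.
        /// </summary>
        /// <param name="item">Item element to read quantity, price and part details from.</param>
        /// <param name="api">Client used to create the line item.</param>
        /// <param name="validatedToken">Token supplying the punchout name, buyer ID and order ID.</param>
        /// <param name="productID">Product ID to set on the new line item.</param>
        private async Task Additem(XElement item, OrderCloudAPI api, BuyerToken validatedToken, string productID)
        {
            // Numbers in the message are machine-readable, so parse them with the invariant
            // culture; under a comma-decimal server culture "12.50" would otherwise be read
            // as 1250. A missing attribute or element still converts to 0, as before.
            var invariant = System.Globalization.CultureInfo.InvariantCulture;

            // NOTE(review): quantity and unit price come straight from the incoming message.
            // If that message can pass through the buyer's browser, confirm the price against
            // the catalog and range-check the quantity before the order is accepted.
            var lineItem = new OrderCloudLineItem
            {
                ProductID = productID,
                Quantity  = Convert.ToInt32(item.Attribute("quantity")?.Value, invariant),
                UnitPrice = Convert.ToDecimal(item.Descendants("Money").FirstOrDefault()?.Value, invariant)
            };

            lineItem.xp.PunchoutName            = validatedToken.PunchoutName;
            lineItem.xp.SupplierPartAuxiliaryID = item.Descendants("SupplierPartAuxiliaryID").FirstOrDefault()?.Value;
            lineItem.xp.SupplierPartID          = item.Descendants("SupplierPartID").FirstOrDefault()?.Value;

            // ShortName is a child of Description, and the free text wanted here is a sibling
            // of ShortName inside the same Description element:
            // <Description><ShortName>some name</ShortName>some other additional text</Description>
            // so take the first text node whose direct parent is Description. ToString() on
            // the node is kept as in the original, so the stored text stays XML-escaped.
            lineItem.xp.Description = item.Descendants("Description").DescendantNodesAndSelf()
                                      .FirstOrDefault(x => x.NodeType == XmlNodeType.Text && x.Parent.Name == "Description")?
                                      .ToString();
            lineItem.xp.ShortName = item.Descendants("ShortName").FirstOrDefault()?.Value;
            await api.CreateLineItem(validatedToken.BuyerID, validatedToken.CurrentOrderID, lineItem);
        }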