Added HMAC validate code example (#150)

* added HMAC validate code example

* fixed pipeline

* changed to use a var

* added changes to manifest

* Update CodeExamplesManifest.json

fixed a typo
removed a period
updated title to "Validate HMAC signature"

Signed-off-by: meihDS <[email protected]>

---------

Signed-off-by: meihDS <[email protected]>
Co-authored-by: meihDS <[email protected]>

Author: annahileta

ExamplesApiTypeExtensions.cs

@@ -37,6 +37,12 @@ public enum ExamplesApiType
         /// </summary>
         [Description("aeg")]
         Admin = 4,
+
+        /// <summary>
+        /// Connect API
+        /// </summary>
+        [Description("con")]
+        Connect = 5,
     }
 
     public static class ExamplesApiTypeExtensions

launcher-csharp/Connect/Controllers/ValidateWebhookMessage.cs

@@ -0,0 +1,41 @@
+// <copyright file="ValidateWebhookMessage.cs" company="DocuSign">
+// Copyright (c) DocuSign. All rights reserved.
+// </copyright>
+
+namespace DocuSign.CodeExamples.Connect.Controllers
+{
+    using DocuSign.CodeExamples.Common;
+    using DocuSign.CodeExamples.Controllers;
+    using DocuSign.CodeExamples.Models;
+    using DocuSign.Connect.Examples;
+    using Microsoft.AspNetCore.Mvc;
+
+    [Area("Connect")]
+    [Route("con001")]
+    public class ValidateWebhookMessage : EgController
+    {
+        public ValidateWebhookMessage(DsConfiguration config, LauncherTexts launcherTexts, IRequestItemsService requestItemsService)
+            : base(config, launcherTexts, requestItemsService)
+        {
+            this.CodeExampleText = this.GetExampleText(this.EgName, ExamplesApiType.Connect);
+            this.ViewBag.title = this.CodeExampleText.ExampleName;
+        }
+
+        public override string EgName => "con001";
+
+        [SetViewBag]
+        [HttpPost]
+        [ValidateAntiForgeryToken]
+        public ActionResult ValidateMessageUsing(string hmacSecret, string jsonPayload)
+        {
+            jsonPayload = jsonPayload.Replace("\\", string.Empty);
+
+            string hashedOutput = HMACValidation.ComputeHash(hmacSecret, jsonPayload);
+
+            this.ViewBag.h1 = this.CodeExampleText.ExampleName;
+            this.ViewBag.message = this.CodeExampleText.ResultsPageText.Replace("{0}", hashedOutput);
+
+            return this.View("example_done");
+        }
+    }
+}

launcher-csharp/Connect/Examples/HMACValidation.cs

@@ -0,0 +1,30 @@
+// <copyright file="HMACValidation.cs" company="DocuSign">
+// Copyright (c) DocuSign. All rights reserved.
+// </copyright>
+
+namespace DocuSign.Connect.Examples
+{
+    using System;
+    using System.Security.Cryptography;
+    using System.Text;
+
+    public static class HMACValidation
+    {
+        public static string ComputeHash(string secret, string payload)
+        {
+            byte[] bytes = Encoding.UTF8.GetBytes(secret);
+            var hmac = new HMACSHA256(bytes);
+            bytes = Encoding.UTF8.GetBytes(payload);
+
+            return Convert.ToBase64String(hmac.ComputeHash(bytes));
+        }
+
+        public static bool HashIsValid(string secret, string payload, string verify)
+        {
+            ReadOnlySpan<byte> hashBytes = Convert.FromBase64String(ComputeHash(secret, payload));
+            ReadOnlySpan<byte> verifyBytes = Convert.FromBase64String(verify);
+
+            return CryptographicOperations.FixedTimeEquals(hashBytes, verifyBytes);
+        }
+    }
+}

launcher-csharp/Connect/Views/ValidateWebhookMessage/Con001.cshtml

@@ -0,0 +1,53 @@
+@{
+    int formNumber = 0;
+    int hmacInputNumber = 0;
+    int jsonInputNumber = 1;
+}
+
+<h4>@Html.Raw(ViewBag.CodeExampleText.ExampleName)</h4>
+<p>
+    @Html.Raw(ViewBag.CodeExampleText.ExampleDescription)
+</p>
+
+<partial name="../../../Views/Shared/LinkToMethodView" model="ViewBag.CodeExampleText" /> 
+<p>
+    @Html.Raw(
+        @String.Format(
+            ViewBag.SupportingTexts.ViewSourceFile, 
+            "<a target='_blank' href=" + @ViewBag.source + ">HmacSha256Encrypts.cs</a>"
+            )
+        )
+</p>
+
+<p>
+    <b>Prerequisites:</b> See <a href="https://developers.docusign.com/platform/webhooks/connect/validate/">How to validate a webhook message using HMAC</a>.
+</p>
+
+<form class="eg" action="" method="post" data-busy="form">
+    <div class="form-group" style="display: flex;">
+        <label for="hmacSecret" style="width: 50%;">
+            @Html.Raw(ViewBag.CodeExampleText.Forms[formNumber].Inputs[hmacInputNumber].InputName)
+        </label>
+
+        <input type="text"
+               class="form-control" 
+               id="hmacSecret" 
+               name="hmacSecret"
+               required/>
+    </div>
+    <div class="form-group">
+        <label for="jsonPayload">
+            @Html.Raw(ViewBag.CodeExampleText.Forms[formNumber].Inputs[jsonInputNumber].InputName)
+        </label>
+
+        <textarea
+            rows="6" 
+            class="form-control" 
+            id="jsonPayload" 
+            name="jsonPayload"
+            required ></textarea>
+    </div>
+    <input type="hidden" name="_csrf" value="@ViewBag.csrfToken">
+    <button type="submit" class="btn btn-primary">@Html.Raw(ViewBag.SupportingTexts.SubmitButton)</button>
+</form>
+

launcher-csharp/Views/Home/Index.cshtml

@@ -42,6 +42,7 @@
                     : ((ApIs) api).Name.ToLower() == ExamplesApiType.Click.ToString().ToLower()  ? ExamplesApiType.Click.ToKeywordString()
                     : ((ApIs) api).Name.ToLower() == ExamplesApiType.Monitor.ToString().ToLower()  ? ExamplesApiType.Monitor.ToKeywordString()
                     : ((ApIs) api).Name.ToLower() == ExamplesApiType.Rooms.ToString().ToLower() ? ExamplesApiType.Rooms.ToKeywordString()
+                    : ((ApIs) api).Name.ToLower() == ExamplesApiType.Connect.ToString().ToLower() ? ExamplesApiType.Connect.ToKeywordString()
                     : ExamplesApiType.Admin.ToKeywordString();
 
                 @foreach(var exampleGroup in api.Groups)

launcher-csharp/Views/Shared/LinkToMethodView.cshtml

@@ -1,28 +1,32 @@
-@model DocuSign.CodeExamples.ESignature.Models.CodeExampleText
+@using Microsoft.EntityFrameworkCore.Migrations
+@model DocuSign.CodeExamples.ESignature.Models.CodeExampleText
 <p>
-    @if(Model.LinksToApiMethod.Count == 1)
+    @if (Model.LinksToApiMethod.Count != 0)
     {
-        <span>@Html.Raw(ViewBag.SupportingTexts.ApiMethodUsed)</span>
-    } 
-    else
-    {
-        <span>@Html.Raw(ViewBag.SupportingTexts.ApiMethodUsedPlural)</span>
-    }
-
-    @for(int i = 0; i < Model.LinksToApiMethod.Count; ++i)
-    {
-        <a target='_blank' href="@Model.LinksToApiMethod[i].Path">@Html.Raw(Model.LinksToApiMethod[i].PathName)</a>
-        @if(i + 1 == Model.LinksToApiMethod.Count)
+        @if (Model.LinksToApiMethod.Count == 1)
         {
-            <span></span>
+            <span>@Html.Raw(ViewBag.SupportingTexts.ApiMethodUsed)</span>
         }
-        else if(i + 1 == Model.LinksToApiMethod.Count - 1)
+        else
         {
-            <span> and </span>
+            <span>@Html.Raw(ViewBag.SupportingTexts.ApiMethodUsedPlural)</span>
         }
-        else
+
+        @for (int i = 0; i < Model.LinksToApiMethod.Count; ++i)
         {
-            <span>, </span>
+            <a target='_blank' href="@Model.LinksToApiMethod[i].Path">@Html.Raw(Model.LinksToApiMethod[i].PathName)</a>
+            @if (i + 1 == Model.LinksToApiMethod.Count)
+            {
+                <span></span>
+            }
+            else if (i + 1 == Model.LinksToApiMethod.Count - 1)
+            {
+                <span> and </span>
+            }
+            else
+            {
+                <span>, </span>
+            }
         }
     }
 </p>

launcher-csharp/wwwroot/js/search.js

@@ -5,6 +5,7 @@
         CLICK: 'click',
         ROOMS: 'rooms',
         ADMIN: 'admin',
+        CONNECT: 'connect'
     };
 
     let processJSONData = function () {
@@ -121,7 +122,9 @@
             case API_TYPES.MONITOR:
                 return "meg";
             case API_TYPES.ESIGNATURE:
-                return "eg"
+                return "eg";
+            case API_TYPES.CONNECT:
+                return "con";
         }
     }
 
@@ -156,33 +159,34 @@
                                         $("#filtered_code_examples").append("<p>" + example.ExampleDescription + "</p>");
 
                                         $("#filtered_code_examples").append("<p>");
-
-                                        if (example.LinksToAPIMethod.length == 1) {
-                                            $("#filtered_code_examples").append(processJSONData().SupportingTexts.APIMethodUsed);
-                                        }
-                                        else {
-                                            $("#filtered_code_examples").append(processJSONData().SupportingTexts.APIMethodUsedPlural);
-                                        }
-
-                                        for (let index = 0; index < example.LinksToAPIMethod.length; index++) {
-                                            $("#filtered_code_examples").append(
-                                                " <a target='_blank' href='"
-                                                + example.LinksToAPIMethod[index].Path
-                                                + "'>"
-                                                + example.LinksToAPIMethod[index].PathName
-                                                + "</a>"
-                                            );
-
-                                            if (index + 1 === example.LinksToAPIMethod.length) {
-                                                $("#filtered_code_examples").append("<span></span>");
-                                            }
-                                            else if (index + 1 === example.LinksToAPIMethod.length - 1) {
-                                                $("#filtered_code_examples").append("<span> and </span>");
+                                        if (example.LinksToAPIMethod.length !== 0) {
+                                            if (example.LinksToAPIMethod.length == 1) {
+                                                $("#filtered_code_examples").append(processJSONData().SupportingTexts.APIMethodUsed);
                                             }
                                             else {
-                                                $("#filtered_code_examples").append("<span>, </span>");
+                                                $("#filtered_code_examples").append(processJSONData().SupportingTexts.APIMethodUsedPlural);
                                             }
 
+                                            for (let index = 0; index < example.LinksToAPIMethod.length; index++) {
+                                                $("#filtered_code_examples").append(
+                                                    " <a target='_blank' href='"
+                                                    + example.LinksToAPIMethod[index].Path
+                                                    + "'>"
+                                                    + example.LinksToAPIMethod[index].PathName
+                                                    + "</a>"
+                                                );
+
+                                                if (index + 1 === example.LinksToAPIMethod.length) {
+                                                    $("#filtered_code_examples").append("<span></span>");
+                                                }
+                                                else if (index + 1 === example.LinksToAPIMethod.length - 1) {
+                                                    $("#filtered_code_examples").append("<span> and </span>");
+                                                }
+                                                else {
+                                                    $("#filtered_code_examples").append("<span>, </span>");
+                                                }
+
+                                            }
                                         }
 
                                         $("#filtered_code_examples").append("</p> ");

manifest/CodeExamplesManifest.json

@@ -2588,6 +2588,35 @@
                     ]
                 }
             ]
+        },
+        {
+            "Name": "Connect",
+            "Groups": [
+                {
+                    "Name": "Connect examples",
+                    "Examples": [
+                        {
+                            "ExampleNumber": 1,
+                            "ExampleName": "Validate HMAC signature",
+                            "ExampleDescription": "Demonstrates an example workflow for a client app receiving and validating a webhook (DocuSign Connect) message using HMAC security.",
+                            "Forms": [
+                                {
+                                    "Inputs": [
+                                        {
+                                            "InputName": "HMAC secret"
+                                        },
+                                        {
+                                            "InputName": "Plain text JSON payload"
+                                        }
+                                    ]
+                                }
+                            ],
+                            "ResultsPageText": "This value should match the value of your x-docusign-signature header: <br/>HMAC signature {0}",
+                            "SkipForLanguages": "bash;powershell;ruby;java;php;python;node"
+                        }
+                    ]
+                }
+            ]
         }
     ]
 }