From a8ed9ce8a5743c2731ae3c5e55f9542581a61a81 Mon Sep 17 00:00:00 2001
From: Quentin Morvan
Date: Thu, 21 Aug 2025 15:15:01 +0200
Subject: [PATCH 1/3] Change state management

---
 .../scripts/helpers/reachFiveHelper.js | 13 ++++++++++++-
 .../cartridge/scripts/hooks/initGlobals.js | 4 ++--
 .../client/default/js/reachfiveglobal.js | 2 +-
 .../controllers/ReachFiveController.js | 17 ++++++++++++++++-
 .../static/default/js/reachfiveglobal.js | 2 +-
 .../templates/default/reachfiveinitglobal.isml | 4 ++--
 6 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js b/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js
index 01938c9..86b0dbd 100644
--- a/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js
+++ b/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js
@@ -16,7 +16,9 @@ var Resource = require('dw/web/Resource');
 var LOGGER = require('dw/system/Logger').getLogger('loginReachFive');
 var StringUtils = require('dw/util/StringUtils');
 var URLUtils = require('dw/web/URLUtils');
-
+var CustomObjectMgr = require('dw/object/CustomObjectMgr');
+var Transaction = require('dw/system/Transaction');
+var UUIDUtils = require('dw/util/UUIDUtils');
 var reachFiveService = require('*/cartridge/scripts/interfaces/reachFiveInterface');
 var ReachfiveSessionModel = require('*/cartridge/models/reachfiveSession');
@@ -408,6 +410,14 @@ function getStateObjBase64(redirectURL, action, handleCustomerRoute, data) {
     return StringUtils.encodeBase64(JSON.stringify(stateObj));
 }
+function getState(redirectURL, action, handleCustomerRoute, data) {
+    var uniqueID = UUIDUtils.createUUID(); // ID unique
+    var stateObject = {redirectURL, action, handleCustomerRoute, data}
+
+    session.custom[uniqueID] = JSON.stringify(stateObject);
+
+    return uniqueID;
+}
 /**
  * @function
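Review bot: `getState` writes a fresh `session.custom[uniqueID]` entry on every call and nothing in this commit ever removes one, so a session accumulates one serialized state per page render (initGlobals.js calls it from the afterFooter hook) until the session expires; custom session attributes are size-limited on the platform (confirm the current limit), and once that is exceeded later writes fail and logins start breaking. A bounded structure would avoid this — keep the pending entries under one key and evict the oldest, or reuse the existing entry when the arguments have not changed — and the lifetime should be stated at the write, e.g. `// pending-login state keyed by a random ID; nothing clears it yet, so bound the number of entries per session`. `CustomObjectMgr` and `Transaction` are required at the top of the file but no line in this commit uses them. `var stateObject = {redirectURL, action, handleCustomerRoute, data}` is missing its `;` and relies on ES2015 shorthand properties; verify the server-side script engine accepts that syntax before relying on it.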
@@ -535,6 +545,7 @@ module.exports.getReachFiveLoginCookieName = getReachFiveLoginCookieName;
 module.exports.setReachFiveLoginCookie = setReachFiveLoginCookie;
 module.exports.getReachFiveUserCustomObjectType = getReachFiveUserCustomObjectType;
 module.exports.getStateObjBase64 = getStateObjBase64;
+module.exports.getState = getState;
 module.exports.createLoginRedirectUrl = createLoginRedirectUrl;
 module.exports.verifySessionAccessTkn = verifySessionAccessTkn;
 module.exports.isReachFiveEnableKakaoTalkNameSplit = isReachFiveEnableKakaoTalkNameSplit;
diff --git a/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js b/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js
index 617e4e4..eca23a7 100644
--- a/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js
+++ b/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js
@@ -60,7 +60,7 @@ initGlobal.afterFooter = function (pdict) {
     }
     var data = request.httpParameterMap.data.value; //Get the query param data in order to store it in the state value
-    var stateObjBase64 = reachFiveHelper.getStateObjBase64(targetPage.toString(), pdict.action, handleCustomerRoute, data);
+    var state = reachFiveHelper.getState(targetPage.toString(), pdict.action, handleCustomerRoute, data);
     var signUpStateObjBase64 = reachFiveHelper.getStateObjBase64(signUpTargetPage.toString(), pdict.action, handleCustomerRoute);
 
     if (pdict.disableSSOLogin) {
@@ -77,7 +77,7 @@ initGlobal.afterFooter = function (pdict) {
     context.reachFiveLogoutUrl = URLUtils.https('Login-Logout');
     context.siteID = System.getCurrent().getID();
     context.stateUrl = targetPage;
-    context.stateObjBase64 = stateObjBase64;
+    context.state = state;
     context.reachFiveCookieName = reachFiveHelper.getReachFiveCookieName();
     context.reachFiveLoginCookieName = reachFiveHelper.getReachFiveLoginCookieName();
     context.reachFiveAccess_token = reachfiveSession.access_token;
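Review bot: The `state` assigned to `context.state` is now a key into the current visitor's `session.custom`, yet it is rendered into the footer markup; if this hook's output is ever served from the page cache, another visitor receives an ID that does not exist in their session and the callback ends in the `No state data` branch of ReachFiveController. The old base64 blob was self-contained, so this is a new cacheability constraint worth stating next to the call: `// session-bound: this value must not be rendered into a cacheable page`. In this commit the sign-up state on the following line is still a base64 blob while the controller only looks keys up in the session, so sign-up callbacks would also hit that branch until the later commit switches it. The enclosing `initGlobal.afterFooter` function starts and ends outside the hunk.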
diff --git a/cartridges/int_reachfive_sfra/cartridge/client/default/js/reachfiveglobal.js b/cartridges/int_reachfive_sfra/cartridge/client/default/js/reachfiveglobal.js
index 03c5f8a..327bffc 100644
--- a/cartridges/int_reachfive_sfra/cartridge/client/default/js/reachfiveglobal.js
+++ b/cartridges/int_reachfive_sfra/cartridge/client/default/js/reachfiveglobal.js
@@ -18,7 +18,7 @@ $(function () {
         if (sessionInfo && sessionInfo.isAuthenticated) {
             sdkCoreClient.loginFromSession({
                 redirectUri: reach5Const.callbackUrl,
-                state: reach5Const.stateObjBase64
+                state: reach5Const.state
             });
         }
     });
diff --git a/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js b/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js
index b8aa69b..5dd00aa 100644
--- a/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js
+++ b/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js
@@ -79,7 +79,19 @@ function getStateData(req) {
         handleCustomerRoute: false
     };
     if (req.httpParameterMap.isParameterSubmitted('state')) {
-        var stateObjStr = dwStringUtils.decodeBase64(req.httpParameterMap.state.value);
+        // var stateObjStr = dwStringUtils.decodeBase64(req.httpParameterMap.state.value);
+        var stateObjStr = '';
+        var state = req.httpParameterMap.state.value
+        if (
+            session.custom[state]
+        ) {
+            stateObjStr = session.custom[state];
+
+        } else {
+            LOGGER.error('No state data');
+        }
+
+
         try {
             stateObj = JSON.parse(stateObjStr);
         } catch (err) {
@@ -104,6 +116,9 @@ function getStateData(req) {
         }
     }
+
+
+
     return stateData;
 }
diff --git a/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js b/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js
index 5a95638..a8c61d5 100644
--- a/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js
+++ b/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js
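Review bot: In `getStateData` the raw `state` query parameter is used unchanged as the key into `session.custom`, so a caller can name any custom session attribute and have its value handed to `JSON.parse` as the state object; whether an attribute with JSON content is ever stored there is not visible from this hunk, but restricting the lookup to keys this integration created costs one line. Namespace the key on both sides, e.g. `var state = 'r5state_' + req.httpParameterMap.state.value;` with the same prefix applied in `getState`, or reject anything that is not a UUID before touching the session. When the key is absent the code still continues into `JSON.parse('')`, which throws into the catch — skip the parse when nothing was found rather than relying on the exception path. `var state = req.httpParameterMap.state.value` is also missing its `;`, and any login started before this deploys carries a base64 state that this version no longer decodes. The rest of `getStateData` lies outside the hunk.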
@@ -1 +1 @@ -!function(){"use strict";$((function(){var e='a[href$="Login-Logout"]',t={BODY:document.querySelector("body")};reach5Const.isSessionAuthRequired&&sdkCoreClient.getSessionInfo().then((function(e){e&&e.isAuthenticated&&sdkCoreClient.loginFromSession({redirectUri:reach5Const.callbackUrl,state:reach5Const.stateObjBase64})})),t.BODY.addEventListener("click",(function(t){t.target.matches(e)&&(t.preventDefault(),sdkCoreClient.getSessionInfo().then((function(e){e&&e.isAuthenticated?sdkCoreClient.logout({redirectTo:reach5Const.reachFiveLogoutUrl}):window.location.href=t.target.href})).catch((function(){window.location.href=t.target.href})))}))}))}(); \ No newline at end of file +!function(){"use strict";$(function(){var e='a[href$="Login-Logout"]',t={BODY:document.querySelector("body")};reach5Const.isSessionAuthRequired&&sdkCoreClient.getSessionInfo().then(function(e){e&&e.isAuthenticated&&sdkCoreClient.loginFromSession({redirectUri:reach5Const.callbackUrl,state:reach5Const.state})}),t.BODY.addEventListener("click",function(t){t.target.matches(e)&&(t.preventDefault(),sdkCoreClient.getSessionInfo().then(function(e){e&&e.isAuthenticated?sdkCoreClient.logout({redirectTo:reach5Const.reachFiveLogoutUrl}):window.location.href=t.target.href}).catch(function(){window.location.href=t.target.href}))})})}(); \ No newline at end of file diff --git a/cartridges/int_reachfive_sfra/cartridge/templates/default/reachfiveinitglobal.isml b/cartridges/int_reachfive_sfra/cartridge/templates/default/reachfiveinitglobal.isml index 03f3184..cb06a45 100644 --- a/cartridges/int_reachfive_sfra/cartridge/templates/default/reachfiveinitglobal.isml +++ b/cartridges/int_reachfive_sfra/cartridge/templates/default/reachfiveinitglobal.isml 
@@ -21,7 +21,7 @@
             reachFiveLogoutUrl: '${pdict.reachFiveLogoutUrl}',
             siteID: '${pdict.siteID}',
             stateUrl: '${pdict.stateUrl}',
-            stateObjBase64: '${pdict.stateObjBase64}',
+            state: '${pdict.state}',
             reachFiveCookieName: '${pdict.reachFiveCookieName}',
             reachFiveLoginCookieName: '${pdict.reachFiveLoginCookieName}'
         }
@@ -73,7 +73,7 @@
         let allowForgotPassword = ${!pdict.isTransitionActive};
         let redirectUri = '${pdict.callbackUrl}';
         let origin ='${pdict.siteID}';
-        let state = '${pdict.stateObjBase64}';
+        let state = '${pdict.state}';
         let loginLink = '${pdict.resetPassLoginUrl}';
         let accessToken = '${pdict.reachFiveAccess_token}';
         let providerAccessToken = '${pdict.reachFiveProviderAccessToken}';

From 10615c39ae00637ee32a4be77949fa28843ddac2 Mon Sep 17 00:00:00 2001
From: Quentin Morvan
Date: Tue, 23 Sep 2025 14:28:45 +0200
Subject: [PATCH 2/3] Forwarding

---
 .../scripts/helpers/reachFiveHelper.js | 39 +++++--------------
 .../cartridge/scripts/hooks/initGlobals.js | 4 +-
 .../controllers/ReachFiveController.js | 10 ++---
 3 files changed, 14 insertions(+), 39 deletions(-)

diff --git a/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js b/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js
index 86b0dbd..84b83ef 100644
--- a/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js
+++ b/cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js
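Review bot: This hunk drops the `stateObjBase64` key from `reach5Const`, but the shipped bundle `static/default/js/reachfiveglobal.js` as it stands at the end of this series (patch 3/3 reverts it) still reads `reach5Const.stateObjBase64`, so `loginFromSession` would be called with `state: undefined` and the callback lands in the `No state data` branch of the controller. Either rebuild the bundle from `client/default/js/reachfiveglobal.js` in the same change, or keep a transitional alias `stateObjBase64: '${pdict.state}',` next to the new key until the bundle is regenerated. The value is a server-generated ID, so the unencoded interpolation into the script string is no worse than it was with the base64 blob.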
@@ -382,36 +382,16 @@ function getProfileRequestObjFromForm(customerForm) {
     return requestObj;
 }
-
-
 /**
- * @function
- * @description Prepare BASE64 string object for redirect
- * @param {string} redirectURL redirect url
- * @param {string} action Controller endpoint action
- * @param {boolean} [handleCustomerRoute] handle flag
- * @return {string} result
- * */
-function getStateObjBase64(redirectURL, action, handleCustomerRoute, data) {
-    var stateObj = {
-        redirectURL: redirectURL,
-        action: action
-    };
-
-    if (handleCustomerRoute) {
-        stateObj.handleCustomerRoute = handleCustomerRoute;
-    }
-
-    //Put the data query param as a JSON object in the state
-    if (data) {
-        stateObj.data = data;
-    }
-
-    return StringUtils.encodeBase64(JSON.stringify(stateObj));
-}
-
+ * @description Creates a state object, stores it in the session, and returns a unique ID for it. This is used to pass data through the OAuth flow.
+ * @param {string} redirectURL - The URL to redirect to after authentication.
+ * @param {string} action - The action being performed.
+ * @param {boolean} handleCustomerRoute - A flag to indicate if the customer route should be handled.
+ * @param {string|Object} [data] - Optional data to be stored in the state.
+ * @returns {string} A unique ID representing the state stored in the session.
+ */
 function getState(redirectURL, action, handleCustomerRoute, data) {
-    var uniqueID = UUIDUtils.createUUID(); // ID unique
+    var uniqueID = UUIDUtils.createUUID();
     var stateObject = {redirectURL, action, handleCustomerRoute, data}
 
     session.custom[uniqueID] = JSON.stringify(stateObject);
@@ -448,7 +428,7 @@ function createLoginRedirectUrl(tkn, stateTarget) {
     });
 
     // No need additional encoding
-    queryObjEncoded.state = getStateObjBase64(stateTarget);
+    queryObjEncoded.state = getState(stateTarget);
     queryObjEncoded.tkn = tkn;
 
     Object.keys(queryObjEncoded).forEach(function (key) {
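Review bot: The new JSDoc documents `action` and `handleCustomerRoute` as required, yet the second hunk calls `getState(stateTarget)` with a single argument, leaving both `undefined` (which `JSON.stringify` then drops from the stored object); mark them optional, `@param {string} [action]` and `@param {boolean} [handleCustomerRoute]`, and state what the consumer assumes when they are missing. The doc should also spell out the entry's lifetime, because the controller only deletes the one key the callback carries: the sign-up entry created on every page render and the entry written by `createLoginRedirectUrl` for redirects that never complete stay in `session.custom` until the session ends, e.g. `* The entry is single-use and is removed when the callback consumes it; abandoned entries remain until the session expires.` `var stateObject = {redirectURL, action, handleCustomerRoute, data}` still lacks its `;`, and the unused `CustomObjectMgr`/`Transaction` requires from the previous commit are not cleaned up here. `createLoginRedirectUrl` starts and ends outside the hunk.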
@@ -544,7 +524,6 @@ module.exports.getReachFiveCookieName = getReachFiveCookieName;
 module.exports.getReachFiveLoginCookieName = getReachFiveLoginCookieName;
 module.exports.setReachFiveLoginCookie = setReachFiveLoginCookie;
 module.exports.getReachFiveUserCustomObjectType = getReachFiveUserCustomObjectType;
-module.exports.getStateObjBase64 = getStateObjBase64;
 module.exports.getState = getState;
 module.exports.createLoginRedirectUrl = createLoginRedirectUrl;
 module.exports.verifySessionAccessTkn = verifySessionAccessTkn;
diff --git a/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js b/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js
index eca23a7..21321cd 100644
--- a/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js
+++ b/cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js
@@ -61,7 +61,7 @@ initGlobal.afterFooter = function (pdict) {
     var data = request.httpParameterMap.data.value; //Get the query param data in order to store it in the state value
     var state = reachFiveHelper.getState(targetPage.toString(), pdict.action, handleCustomerRoute, data);
-    var signUpStateObjBase64 = reachFiveHelper.getStateObjBase64(signUpTargetPage.toString(), pdict.action, handleCustomerRoute);
+    var signUpStateObj = reachFiveHelper.getState(signUpTargetPage.toString(), pdict.action, handleCustomerRoute);
 
     if (pdict.disableSSOLogin) {
         context.isSessionAuthRequired = false;
@@ -86,7 +86,7 @@ initGlobal.afterFooter = function (pdict) {
     if (isLoadUISDK) {
         context.isReachFiveLoginAllowed = reachFiveHelper.isReachFiveLoginAllowed();
         context.reachFiveUiSdkUrl = reachFiveHelper.getReachFiveUiSdkUrl();
-        context.signUpStateObjBase64 = signUpStateObjBase64;
+        context.signUpStateObj = signUpStateObj;
         context.resetPassLoginUrl = URLUtils.https('Login-Show');
         context.isTransitionActive = reachFiveHelper.isReachFiveTransitionActive();
         context.updateProfileUrl = URLUtils.url('ReachFiveController-UpdateCustomer');
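Review bot: `context.signUpStateObjBase64` is renamed to `context.signUpStateObj` here, but no template in this series is updated for the new name, so any ISML still reading `pdict.signUpStateObjBase64` (presumably the sign-up form that consumed it) now receives an empty value and its callback would fail the session lookup; grep the templates for the old name before merging. The variable now holds a session key rather than an object, so a name such as `signUpState` would describe it better than `signUpStateObj`. The enclosing `initGlobal.afterFooter` starts and ends outside the hunk.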
diff --git a/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js b/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js
index 5dd00aa..d115e35 100644
--- a/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js
+++ b/cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js
@@ -79,13 +79,12 @@ function getStateData(req) {
         handleCustomerRoute: false
     };
     if (req.httpParameterMap.isParameterSubmitted('state')) {
-        // var stateObjStr = dwStringUtils.decodeBase64(req.httpParameterMap.state.value);
         var stateObjStr = '';
         var state = req.httpParameterMap.state.value
-        if (
-            session.custom[state]
-        ) {
+
+        if (session.custom[state]) {
             stateObjStr = session.custom[state];
+            delete session.custom[state];
 
         } else {
             LOGGER.error('No state data');
@@ -116,9 +115,6 @@ function getStateData(req) {
         }
     }
-
-
-
     return stateData;
 }

From 8c64e922def8c26f407a259a8b5fecb390dfe1b5 Mon Sep 17 00:00:00 2001
From: Quentin Morvan
Date: Tue, 23 Sep 2025 14:34:30 +0200
Subject: [PATCH 3/3] Revert built file

---
 .../cartridge/static/default/js/reachfiveglobal.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js b/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js
index a8c61d5..5a95638 100644
--- a/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js
+++ b/cartridges/int_reachfive_sfra/cartridge/static/default/js/reachfiveglobal.js
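Review bot: `delete session.custom[state]` assumes the JavaScript `delete` operator removes an attribute from the platform's session custom-attribute object; that cannot be confirmed from this hunk, and if it is a no-op both the single-use semantics and the cleanup this commit intends are silently lost — verify it against the platform API, or clear the attribute the documented way (assigning `null` is the usual idiom; confirm). The deletion is correctly placed before `JSON.parse`, so a replayed callback now lands in the `No state data` branch instead of being honoured twice. When nothing is found the code still continues into `JSON.parse('')` and relies on the catch; return early instead, `LOGGER.error('No state data'); return stateData;`. `var state = req.httpParameterMap.state.value` still lacks its `;`, and the rest of `getStateData` lies outside the hunk.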
@@ -1 +1 @@ -!function(){"use strict";$(function(){var e='a[href$="Login-Logout"]',t={BODY:document.querySelector("body")};reach5Const.isSessionAuthRequired&&sdkCoreClient.getSessionInfo().then(function(e){e&&e.isAuthenticated&&sdkCoreClient.loginFromSession({redirectUri:reach5Const.callbackUrl,state:reach5Const.state})}),t.BODY.addEventListener("click",function(t){t.target.matches(e)&&(t.preventDefault(),sdkCoreClient.getSessionInfo().then(function(e){e&&e.isAuthenticated?sdkCoreClient.logout({redirectTo:reach5Const.reachFiveLogoutUrl}):window.location.href=t.target.href}).catch(function(){window.location.href=t.target.href}))})})}(); \ No newline at end of file +!function(){"use strict";$((function(){var e='a[href$="Login-Logout"]',t={BODY:document.querySelector("body")};reach5Const.isSessionAuthRequired&&sdkCoreClient.getSessionInfo().then((function(e){e&&e.isAuthenticated&&sdkCoreClient.loginFromSession({redirectUri:reach5Const.callbackUrl,state:reach5Const.stateObjBase64})})),t.BODY.addEventListener("click",(function(t){t.target.matches(e)&&(t.preventDefault(),sdkCoreClient.getSessionInfo().then((function(e){e&&e.isAuthenticated?sdkCoreClient.logout({redirectTo:reach5Const.reachFiveLogoutUrl}):window.location.href=t.target.href})).catch((function(){window.location.href=t.target.href})))}))}))}(); \ No newline at end of file