Change state management

cartridges/int_reachfive/cartridge/scripts/helpers/reachFiveHelper.js

@@ -16,7 +16,9 @@ var Resource = require('dw/web/Resource');
 var LOGGER = require('dw/system/Logger').getLogger('loginReachFive');
 var StringUtils = require('dw/util/StringUtils');
 var URLUtils = require('dw/web/URLUtils');
-
+var CustomObjectMgr = require('dw/object/CustomObjectMgr');
+var Transaction = require('dw/system/Transaction');
+var UUIDUtils = require('dw/util/UUIDUtils');
 var reachFiveService = require('*/cartridge/scripts/interfaces/reachFiveInterface');
 var ReachfiveSessionModel = require('*/cartridge/models/reachfiveSession');
 
@@ -380,35 +382,23 @@ function getProfileRequestObjFromForm(customerForm) {
     return requestObj;
 }
 
-
-
 /**
- * @function
- * @description Prepare BASE64 string object for redirect
- * @param {string} redirectURL redirect url
- * @param {string} action Controller endpoint action
- * @param {boolean} [handleCustomerRoute] handle flag
- * @return {string} result
- * */
-function getStateObjBase64(redirectURL, action, handleCustomerRoute, data) {
-    var stateObj = {
-        redirectURL: redirectURL,
-        action: action
-    };
+ * @description Creates a state object, stores it in the session, and returns a unique ID for it. This is used to pass data through the OAuth flow.
+ * @param {string} redirectURL - The URL to redirect to after authentication.
+ * @param {string} action - The action being performed.
+ * @param {boolean} handleCustomerRoute - A flag to indicate if the customer route should be handled.
+ * @param {string|Object} [data] - Optional data to be stored in the state.
+ * @returns {string} A unique ID representing the state stored in the session.
+ */
+function getState(redirectURL, action, handleCustomerRoute, data) {
+    var uniqueID = UUIDUtils.createUUID();
+    var stateObject = {redirectURL, action, handleCustomerRoute, data}
 
-    if (handleCustomerRoute) {
-        stateObj.handleCustomerRoute = handleCustomerRoute;
-    }
+    session.custom[uniqueID] = JSON.stringify(stateObject); 
 
-    //Put the data query param as a JSON object in the state
-    if (data) {
-        stateObj.data = data;
-    }
-
-    return StringUtils.encodeBase64(JSON.stringify(stateObj));
+    return uniqueID; 
 }
 
-
 /**
  * @function
  * @description Create ReachFive login redirect url for Storefront action
@@ -438,7 +428,7 @@ function createLoginRedirectUrl(tkn, stateTarget) {
     });
 
     // No need additional encoding
-    queryObjEncoded.state = getStateObjBase64(stateTarget);
+    queryObjEncoded.state = getState(stateTarget);
     queryObjEncoded.tkn = tkn;
 
     Object.keys(queryObjEncoded).forEach(function (key) {
@@ -534,7 +524,7 @@ module.exports.getReachFiveCookieName = getReachFiveCookieName;
 module.exports.getReachFiveLoginCookieName = getReachFiveLoginCookieName;
 module.exports.setReachFiveLoginCookie = setReachFiveLoginCookie;
 module.exports.getReachFiveUserCustomObjectType = getReachFiveUserCustomObjectType;
-module.exports.getStateObjBase64 = getStateObjBase64;
+module.exports.getState = getState;
 module.exports.createLoginRedirectUrl = createLoginRedirectUrl;
 module.exports.verifySessionAccessTkn = verifySessionAccessTkn;
 module.exports.isReachFiveEnableKakaoTalkNameSplit = isReachFiveEnableKakaoTalkNameSplit;

cartridges/int_reachfive/cartridge/scripts/hooks/initGlobals.js

@@ -60,8 +60,8 @@ initGlobal.afterFooter = function (pdict) {
         }
 
         var data = request.httpParameterMap.data.value; //Get the query param data in order to store it in the state value
-        var stateObjBase64 = reachFiveHelper.getStateObjBase64(targetPage.toString(), pdict.action, handleCustomerRoute, data);
-        var signUpStateObjBase64 = reachFiveHelper.getStateObjBase64(signUpTargetPage.toString(), pdict.action, handleCustomerRoute);
+        var state = reachFiveHelper.getState(targetPage.toString(), pdict.action, handleCustomerRoute, data);
+        var signUpStateObj = reachFiveHelper.getState(signUpTargetPage.toString(), pdict.action, handleCustomerRoute);
 
         if (pdict.disableSSOLogin) {
             context.isSessionAuthRequired = false;
@@ -77,7 +77,7 @@ initGlobal.afterFooter = function (pdict) {
         context.reachFiveLogoutUrl = URLUtils.https('Login-Logout');
         context.siteID = System.getCurrent().getID();
         context.stateUrl = targetPage;
-        context.stateObjBase64 = stateObjBase64;
+        context.state = state;
         context.reachFiveCookieName = reachFiveHelper.getReachFiveCookieName();
         context.reachFiveLoginCookieName = reachFiveHelper.getReachFiveLoginCookieName();
         context.reachFiveAccess_token = reachfiveSession.access_token;
@@ -86,7 +86,7 @@ initGlobal.afterFooter = function (pdict) {
         if (isLoadUISDK) {
             context.isReachFiveLoginAllowed = reachFiveHelper.isReachFiveLoginAllowed();
             context.reachFiveUiSdkUrl = reachFiveHelper.getReachFiveUiSdkUrl();
-            context.signUpStateObjBase64 = signUpStateObjBase64;
+            context.signUpStateObj = signUpStateObj;
             context.resetPassLoginUrl = URLUtils.https('Login-Show');
             context.isTransitionActive = reachFiveHelper.isReachFiveTransitionActive();
             context.updateProfileUrl = URLUtils.url('ReachFiveController-UpdateCustomer');

cartridges/int_reachfive_sfra/cartridge/client/default/js/reachfiveglobal.js

@@ -18,7 +18,7 @@ $(function () {
             if (sessionInfo && sessionInfo.isAuthenticated) {
                 sdkCoreClient.loginFromSession({
                     redirectUri: reach5Const.callbackUrl,
-                    state: reach5Const.stateObjBase64
+                    state: reach5Const.state
                 });
             }
         });

cartridges/int_reachfive_sfra/cartridge/controllers/ReachFiveController.js

@@ -79,7 +79,18 @@ function getStateData(req) {
         handleCustomerRoute: false
     };
     if (req.httpParameterMap.isParameterSubmitted('state')) {
-        var stateObjStr = dwStringUtils.decodeBase64(req.httpParameterMap.state.value);
+        var stateObjStr = '';
+        var state = req.httpParameterMap.state.value
+
+        if (session.custom[state]) {
+            stateObjStr = session.custom[state];
+            delete session.custom[state];
+
+        } else {
+            LOGGER.error('No state data');
+        }
+
+
         try {
             stateObj = JSON.parse(stateObjStr);
         } catch (err) {

cartridges/int_reachfive_sfra/cartridge/templates/default/reachfiveinitglobal.isml

@@ -21,7 +21,7 @@
                 reachFiveLogoutUrl: '${pdict.reachFiveLogoutUrl}',
                 siteID: '${pdict.siteID}',
                 stateUrl: '${pdict.stateUrl}',
-                stateObjBase64: '${pdict.stateObjBase64}',
+                state: '${pdict.state}',
                 reachFiveCookieName: '${pdict.reachFiveCookieName}',
                 reachFiveLoginCookieName: '${pdict.reachFiveLoginCookieName}'
             }
@@ -73,7 +73,7 @@
             let allowForgotPassword = ${!pdict.isTransitionActive};
             let redirectUri = '${pdict.callbackUrl}';
             let origin ='${pdict.siteID}';
-            let state = '${pdict.stateObjBase64}';
+            let state = '${pdict.state}';
             let loginLink = '${pdict.resetPassLoginUrl}';
             let accessToken = '${pdict.reachFiveAccess_token}';
             let providerAccessToken = '${pdict.reachFiveProviderAccessToken}';