Added comment for the deactivated part
[friendica.git] / src / Security / Authentication.php
index 9f45516f7d30bc4f1374da75e93d03a484f8a51c..42dc02340490b397864a73a74fc97ee97ea4fd36 100644 (file)
@@ -244,15 +244,19 @@ class Authentication
        /**
         * Attempts to authenticate using login/password
         *
-        * @param App    $a        The Friendica Application context
-        * @param string $username User name
-        * @param string $password Clear password
-        * @param bool   $remember Whether to set the session remember flag
+        * @param App    $a           The Friendica Application context
+        * @param string $username
+        * @param string $password    Clear password
+        * @param bool   $remember    Whether to set the session remember flag
+        * @param string $return_path The relative path to redirect the user to after authentication
         *
-        * @throws HttpException\InternalServerErrorException In case of Friendica internal exceptions
-        * @throws Exception A general Exception (like SQL Grammar exceptions)
+        * @throws HTTPException\ForbiddenException
+        * @throws HTTPException\FoundException
+        * @throws HTTPException\InternalServerErrorException In case of Friendica internal exceptions
+        * @throws HTTPException\MovedPermanentlyException
+        * @throws HTTPException\TemporaryRedirectException
         */
-       public function withPassword(App $a, string $username, string $password, bool $remember)
+       public function withPassword(App $a, string $username, string $password, bool $remember, string $return_path = '')
        {
                $record = null;
 
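Review bot: The rewritten docblock drops the `User name` description from `@param string $username` and adds four `@throws` tags with no condition, so a reader cannot tell which exceptions are the normal success path and which are errors. Presumably the redirect-type exceptions are raised by `$this->baseUrl->redirect()` at the end of the method, which lies outside this hunk; if so the tags should say it, e.g. `@throws HTTPException\FoundException Raised by the post-login redirect to $return_path`. Since `$return_path` is now supplied by the caller rather than read from the session, its `@param` line should also state the contract, e.g. `@param string $return_path Site-local relative path (no scheme or host) to redirect the user to after authentication`.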
@@ -287,10 +291,14 @@ class Authentication
                        $this->dba->update('user', ['openid' => $openid_identity, 'openidserver' => $openid_server], ['uid' => $record['uid']]);
                }
 
-               $this->setForUser($a, $record, true, true);
+               /**
+                * @see User::getPasswordRegExp()
+                */
+               if (PASSWORD_DEFAULT === PASSWORD_BCRYPT && strlen($password) > 72) {
+                       $return_path = '/security/password_too_long?' . http_build_query(['return_path' => $return_path]);
+               }
 
-               $return_path = $this->session->get('return_path', '');
-               $this->session->remove('return_path');
+               $this->setForUser($a, $record, true, true);
 
                $this->baseUrl->redirect($return_path);
        }
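Review bot: `$return_path` now reaches `$this->baseUrl->redirect()` directly from the caller, and in the over-length branch it is also forwarded as a query parameter to `/security/password_too_long`; both sinks rely on validation that is not visible in this hunk. If `redirect()` does not already reject absolute or scheme-relative targets, the value should be checked here before either use, and the password_too_long page needs the same check before it follows the forwarded parameter. The in-body `/** @see User::getPasswordRegExp() */` block also leaves the magic number unexplained; a plain comment such as `// bcrypt hashes only the first 72 bytes (strlen() counts bytes), so a longer password was verified on its prefix only` would state the intent. The body of withPassword starts outside this hunk.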
@@ -382,10 +390,6 @@ class Authentication
 
                if ($login_initial) {
                        Hook::callAll('logged_in', $user_record);
-
-                       if (DI::args()->getModuleName() !== 'home' && $this->session->exists('return_path')) {
-                               $this->baseUrl->redirect($this->session->get('return_path'));
-                       }
                }
        }