diff --git a/api/modules/accounts/models/EnableTwoFactorAuthForm.php b/api/modules/accounts/models/EnableTwoFactorAuthForm.php
index 0216c19..be86125 100644
--- a/api/modules/accounts/models/EnableTwoFactorAuthForm.php
+++ b/api/modules/accounts/models/EnableTwoFactorAuthForm.php
@@ -18,7 +18,7 @@ class EnableTwoFactorAuthForm extends AccountActionForm {
 return [
 ['account', 'validateOtpDisabled'],
 ['totp', 'required', 'message' => E::TOTP_REQUIRED],
- ['totp', TotpValidator::class, 'account' => $this->getAccount()],
+ ['totp', TotpValidator::class, 'account' => $this->getAccount(), 'window' => 2],
 ['password', PasswordRequiredValidator::class, 'account' => $this->getAccount()],
 ];
 }
diff --git a/api/validators/TotpValidator.php b/api/validators/TotpValidator.php
index da84468..ce8f6e8 100644
--- a/api/validators/TotpValidator.php
+++ b/api/validators/TotpValidator.php
@@ -20,7 +20,7 @@ class TotpValidator extends Validator {
 * @var int|null Задаёт окно, в промежуток которого будет проверяться код.
 * Позволяет избежать ситуации, когда пользователь ввёл код в последнюю секунду
 * его существования и пока шёл запрос, тот протух.
- * Значение задаётся в +- кодах, а не секундах.
+ * Значение задаётся в +- периодах, а не секундах.
 */
 public $window;
diff --git a/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php b/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php
index aff4324..841dffe 100644
--- a/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php
+++ b/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php
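Review bot: `'window' => 2` on the enable form's TotpValidator rule widens the set of codes accepted at any instant: if the validator applies the window symmetrically as the `$window` docblock (± periods) says, five consecutive codes are valid instead of one, assuming the generator's default 30-second period. That is a reasonable answer to the lost-code race the docblock describes only if this endpoint is also throttled; nothing in the form limits attempts per account, so it should be confirmed that the controller or a surrounding filter does. The decision deserves a comment on the rule, e.g. `// ±2 periods: tolerates clock skew and slow submission during setup; relies on per-account attempt throttling`. Other TotpValidator rules in the code base (outside this diff) presumably keep the default, so the tolerance now differs between enabling and later uses of the same secret; if that asymmetry is intended, the comment should say why.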
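Review bot: The reworded docblock for `$window` still leaves the consequence implicit — a reader of a rule like `'window' => 2` has to work out that, with a symmetric window, codes for the current period and N periods on either side are accepted, and the comment does not say what `null` falls back to (the implementation is outside this hunk). Suggest adding a line such as `With window N, codes of the current period and the N periods before and after it are accepted; the total acceptance set grows with N, so keep it small and pair it with attempt throttling.` and a sentence stating the `null` behaviour once confirmed. As a point of style, the property is declared untyped as `public $window;` while annotated `@var int|null`; `public ?int $window = null;` would make the annotation enforceable if the project's PHP version supports typed properties.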
@@ -58,4 +58,15 @@ class EnableTwoFactorAuthCest {
 ]);
 }
+ public function testSuccessEnableWithNotSoExpiredCode(FunctionalTester $I) {
+ $accountId = $I->amAuthenticated('AccountWithOtpSecret');
+ $totp = TOTP::create('AAAA');
+ $this->route->enableTwoFactorAuth($accountId, $totp->at(time() - 35), 'password_0');
+ $I->canSeeResponseCodeIs(200);
+ $I->canSeeResponseIsJson();
+ $I->canSeeResponseContainsJson([
+ 'success' => true,
+ ]);
+ }
+
 }
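Review bot: `$totp->at(time() - 35)` yields a code that is one or two periods old depending on where `time()` falls inside the current period (assuming the library's default 30-second step), so this case only exercises the new `'window' => 2` when `time() % 30 < 5` and otherwise would have passed under the old window as well. A deterministic offset pins the boundary: `$totp->at(time() - 60)` is always exactly two periods back. A companion negative case using `time() - 90` (exactly three periods back) and asserting a non-200 response would cover the upper edge of the window, which no test currently checks, and would catch a future accidental widening. The class body closes at the hunk's last line.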