From 47b6761f78b5df03d6f972e63b896759fee72972 Mon Sep 17 00:00:00 2001
From: ErickSkrauch
Date: Mon, 20 Nov 2017 20:48:43 +0300
Subject: [PATCH] =?UTF-8?q?=D0=A2=D0=B5=D0=BF=D0=B5=D1=80=D1=8C=20=D0=BD?= =?UTF-8?q?=D0=B0=20=D1=8D=D1=82=D0=B0=D0=BF=D0=B5=20=D0=B2=D0=BA=D0=BB?= =?UTF-8?q?=D1=8E=D1=87=D0=B5=D0=BD=D0=B8=D1=8F=20TOTP=20=D0=BA=D0=BE?= =?UTF-8?q?=D0=B4=20=D0=BC=D0=BE=D0=B6=D0=B5=D1=82=20=D0=B8=D1=81=D1=82?= =?UTF-8?q?=D0=B5=D1=87=D1=8C=20=D0=B2=20=D1=82=D0=B5=D1=87=D0=B5=D0=BD?= =?UTF-8?q?=D0=B8=D0=B5=202=20=D0=BF=D0=B5=D1=80=D0=B8=D0=BE=D0=B4=D0=BE?= =?UTF-8?q?=D0=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../accounts/models/EnableTwoFactorAuthForm.php | 2 +-
 api/validators/TotpValidator.php | 2 +-
 .../functional/accounts/EnableTwoFactorAuthCest.php | 11 +++++++++++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/api/modules/accounts/models/EnableTwoFactorAuthForm.php b/api/modules/accounts/models/EnableTwoFactorAuthForm.php
index 0216c19..be86125 100644
--- a/api/modules/accounts/models/EnableTwoFactorAuthForm.php
+++ b/api/modules/accounts/models/EnableTwoFactorAuthForm.php
@@ -18,7 +18,7 @@ class EnableTwoFactorAuthForm extends AccountActionForm {
 return [
 ['account', 'validateOtpDisabled'],
 ['totp', 'required', 'message' => E::TOTP_REQUIRED],
- ['totp', TotpValidator::class, 'account' => $this->getAccount()],
+ ['totp', TotpValidator::class, 'account' => $this->getAccount(), 'window' => 2],
 ['password', PasswordRequiredValidator::class, 'account' => $this->getAccount()],
 ];
 }
diff --git a/api/validators/TotpValidator.php b/api/validators/TotpValidator.php
index da84468..ce8f6e8 100644
--- a/api/validators/TotpValidator.php
+++ b/api/validators/TotpValidator.php
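Review bot: The bare `2` passed as `'window'` in the `totp` rule of `EnableTwoFactorAuthForm` widens what the enrolment step accepts without recording why or how far. The `TotpValidator` docblock describes the value as ± periods, so this presumably admits the current code plus two periods on either side, five codes in all; the period length is not visible in this diff. A named constant or a comment on that line would make the intent reviewable, for example `// enrolment only: the user may be slow entering the first code, so accept +-2 periods`. Because each extra accepted code raises the chance of a guessed value proportionally, it is worth confirming that this endpoint is attempt-limited (not shown here); the password rule on the next line does limit who can reach it. The `rules()` method starts outside the hunk.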
@@ -20,7 +20,7 @@ class TotpValidator extends Validator {
 * @var int|null Задаёт окно, в промежуток которого будет проверяться код.
 * Позволяет избежать ситуации, когда пользователь ввёл код в последнюю секунду
 * его существования и пока шёл запрос, тот протух.
- * Значение задаётся в +- кодах, а не секундах.
+ * Значение задаётся в +- периодах, а не секундах.
 */
 public $window;

diff --git a/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php b/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php
index aff4324..841dffe 100644
--- a/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php
+++ b/tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php
@@ -58,4 +58,15 @@ class EnableTwoFactorAuthCest {
 ]);
 }

+ public function testSuccessEnableWithNotSoExpiredCode(FunctionalTester $I) {
+ $accountId = $I->amAuthenticated('AccountWithOtpSecret');
+ $totp = TOTP::create('AAAA');
+ $this->route->enableTwoFactorAuth($accountId, $totp->at(time() - 35), 'password_0');
+ $I->canSeeResponseCodeIs(200);
+ $I->canSeeResponseIsJson();
+ $I->canSeeResponseContainsJson([
+ 'success' => true,
+ ]);
+ }
+
 }
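Review bot: `time() - 35` in `testSuccessEnableWithNotSoExpiredCode` does not pin the new window. Assuming the usual 30-second period, that timestamp falls one period back for most of each period and two periods back only during the first five seconds, so the test would usually still pass with `'window' => 1`. The upper bound is not covered either: a companion test that submits a clearly stale code such as `$totp->at(time() - 120)` and expects the request to be rejected would catch the window being widened further by accident. The secret `'AAAA'` is hard-coded and presumably mirrors the `AccountWithOtpSecret` fixture, and a one-line comment saying so would help the next reader.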