From f86be5688bd53e54cb966296d766f3864566e63d Mon Sep 17 00:00:00 2001
From: ErickSkrauch
Date: Thu, 23 Feb 2017 20:15:03 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?=
 =?UTF-8?q?=D0=BD=D0=BE=20=D0=BE=D1=82=D0=B4=D0=B5=D0=BB=D1=8C=D0=BD=D0=BE?=
 =?UTF-8?q?=D0=B5=20=D1=81=D0=BE=D0=BE=D0=B1=D1=89=D0=B5=D0=BD=D0=B8=D0=B5?=
 =?UTF-8?q?=20=D0=B4=D0=BB=D1=8F=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8?=
 =?UTF-8?q?=D0=B7=D0=B0=D1=86=D0=B8=D0=B8=20=D0=B2=20Minecraft,=20=D0=B5?=
 =?UTF-8?q?=D1=81=D0=BB=D0=B8=20=D1=83=20=D0=B0=D0=BA=D0=BA=D0=B0=D1=83?=
 =?UTF-8?q?=D0=BD=D1=82=D0=B0=20=D0=B2=D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=BD?=
 =?UTF-8?q?=D0=B0=20=D0=B4=D0=B2=D1=83=D1=85=D1=84=D0=B0=D0=BA=D1=82=D0=BE?=
 =?UTF-8?q?=D1=80=D0=BD=D0=B0=D1=8F=20=D0=B0=D1=83=D1=82=D0=B5=D0=BD=D1=82?=
 =?UTF-8?q?=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=86=D0=B8=D1=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../authserver/models/AuthenticationForm.php | 5 ++++-
 .../functional/authserver/AuthorizationCest.php | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/api/modules/authserver/models/AuthenticationForm.php b/api/modules/authserver/models/AuthenticationForm.php
index 5a0f65b..14dd601 100644
--- a/api/modules/authserver/models/AuthenticationForm.php
+++ b/api/modules/authserver/models/AuthenticationForm.php
@@ -35,7 +35,10 @@ class AuthenticationForm extends Form {
 $loginForm->password = $this->password;
 if (!$loginForm->validate()) {
 $errors = $loginForm->getFirstErrors();
- if (isset($errors['login'])) {
+ if (isset($errors['token'])) {
+ Authserver::error("User with login = '{$this->username}' protected by two factor auth.");
+ throw new ForbiddenOperationException('Account protected with two factor auth.');
+ } elseif (isset($errors['login'])) {
 if ($errors['login'] === E::ACCOUNT_BANNED) {
 Authserver::error("User with login = '{$this->username}' is banned");
 throw new ForbiddenOperationException('This account has been suspended.');
diff --git a/tests/codeception/api/functional/authserver/AuthorizationCest.php b/tests/codeception/api/functional/authserver/AuthorizationCest.php
index cf712ed..7148e9a 100644
--- a/tests/codeception/api/functional/authserver/AuthorizationCest.php
+++ b/tests/codeception/api/functional/authserver/AuthorizationCest.php
@@ -38,6 +38,21 @@ class AuthorizationCest {
 $this->testSuccessResponse($I);
 }
+ public function byEmailWithEnabledTwoFactorAuth(FunctionalTester $I) {
+ $I->wantTo('get valid error by authenticate account with enabled two factor auth');
+ $this->route->authenticate([
+ 'username' => 'otp@gmail.com',
+ 'password' => 'password_0',
+ 'clientToken' => Uuid::uuid4()->toString(),
+ ]);
+ $I->canSeeResponseCodeIs(401);
+ $I->canSeeResponseIsJson();
+ $I->canSeeResponseContainsJson([
+ 'error' => 'ForbiddenOperationException',
+ 'errorMessage' => 'Account protected with two factor auth.',
+ ]);
+ }
 public function byEmailWithParamsAsJsonInPostBody(FunctionalTester $I) {
 $I->wantTo('authenticate by email and password, passing values as serialized string in post body');
 $this->route->authenticate(json_encode([
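Review bot: The new `token` branch is evaluated before the `login` (and presumably `password`) branches, so if LoginForm's token rule can fail independently of password verification, a request with a valid username and a wrong password would be answered with "Account protected with two factor auth." — disclosing the account's 2FA status to an unauthenticated caller; whether LoginForm orders its validators to prevent that is not visible in this hunk. Unless that ordering is guaranteed, the safer shape is to make the token check the last branch of the chain, `} elseif (isset($errors['token'])) {`, so the distinct 2FA response is only reachable once the credentials themselves have passed. A one-line why-comment on the branch would also help the next reader, e.g. `// The Minecraft auth protocol has no field for a one-time code, so 2FA-enabled accounts get a distinct rejection.`. The enclosing method and the remainder of the if/elseif chain start and end outside the hunk.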
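Review bot: The new test `byEmailWithEnabledTwoFactorAuth` covers only the positive case (correct password on a 2FA account yields the 2FA message); it does not pin that the same account with a wrong password still receives the ordinary invalid-credentials response, which is the assertion that would catch the 2FA message being reachable before the password is verified. A sibling case sending an incorrect password for `otp@gmail.com` and asserting the 2FA message is absent would close that gap; the exact invalid-credentials message is not visible here, so the sketch below asserts only the absence of the 2FA text.
```php
    public function byEmailWithEnabledTwoFactorAuthAndWrongPassword(FunctionalTester $I) {
        $I->wantTo('ensure two factor auth status is not revealed when the password is wrong');
        $this->route->authenticate([
            'username' => 'otp@gmail.com',
            'password' => 'not_the_real_password', // constructed value: anything other than the fixture password
            'clientToken' => Uuid::uuid4()->toString(),
        ]);
        $I->cantSeeResponseContainsJson([
            'errorMessage' => 'Account protected with two factor auth.',
        ]);
    }
```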