В форму входа внедрена проверка на наличие включённой OTP авторизации

api/models/authentication/LoginForm.php

@@ -3,6 +3,7 @@ namespace api\models\authentication;
 
 use api\models\AccountIdentity;
 use api\models\base\ApiForm;
+use api\validators\TotpValidator;
 use common\helpers\Error as E;
 use api\traits\AccountFinder;
 use common\models\Account;
@@ -16,6 +17,7 @@ class LoginForm extends ApiForm {
 
     public $login;
     public $password;
+    public $token;
     public $rememberMe = false;
 
     public function rules() {
@@ -28,6 +30,11 @@ class LoginForm extends ApiForm {
             }, 'message' => E::PASSWORD_REQUIRED],
             ['password', 'validatePassword'],
 
+            ['token', 'required', 'when' => function(self $model) {
+                return !$model->hasErrors() && $model->getAccount()->is_otp_enabled;
+            }, 'message' => E::OTP_TOKEN_REQUIRED],
+            ['token', 'validateTotpToken'],
+
             ['login', 'validateActivity'],
 
             ['rememberMe', 'boolean'],
@@ -51,6 +58,22 @@ class LoginForm extends ApiForm {
         }
     }
 
+    public function validateTotpToken($attribute) {
+        if ($this->hasErrors()) {
+            return;
+        }
+
+        $account = $this->getAccount();
+        if (!$account->is_otp_enabled) {
+            return;
+        }
+
+        $validator = new TotpValidator(['account' => $account]);
+        if (!$validator->validate($this->token, $error)) {
+            $this->addError($attribute, $error);
+        }
+    }
+
     public function validateActivity($attribute) {
         if (!$this->hasErrors()) {
             $account = $this->getAccount();