Добавлено отдельное сообщение для авторизации в Minecraft, если у аккаунта включена двухфакторная аутентификация

api/modules/authserver/models/AuthenticationForm.php

@@ -35,7 +35,10 @@ class AuthenticationForm extends Form {
         $loginForm->password = $this->password;
         if (!$loginForm->validate()) {
             $errors = $loginForm->getFirstErrors();
-            if (isset($errors['login'])) {
+            if (isset($errors['token'])) {
+                Authserver::error("User with login = '{$this->username}' protected by two factor auth.");
+                throw new ForbiddenOperationException('Account protected with two factor auth.');
+            } elseif (isset($errors['login'])) {
                 if ($errors['login'] === E::ACCOUNT_BANNED) {
                     Authserver::error("User with login = '{$this->username}' is banned");
                     throw new ForbiddenOperationException('This account has been suspended.');

tests/codeception/api/functional/authserver/AuthorizationCest.php

@@ -38,6 +38,21 @@ class AuthorizationCest {
         $this->testSuccessResponse($I);
     }
 
+    public function byEmailWithEnabledTwoFactorAuth(FunctionalTester $I) {
+        $I->wantTo('get valid error by authenticate account with enabled two factor auth');
+        $this->route->authenticate([
+            'username' => 'otp@gmail.com',
+            'password' => 'password_0',
+            'clientToken' => Uuid::uuid4()->toString(),
+        ]);
+        $I->canSeeResponseCodeIs(401);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'error' => 'ForbiddenOperationException',
+            'errorMessage' => 'Account protected with two factor auth.',
+        ]);
+    }
+
     public function byEmailWithParamsAsJsonInPostBody(FunctionalTester $I) {
         $I->wantTo('authenticate by email and password, passing values as serialized string in post body');
         $this->route->authenticate(json_encode([