From f5bec29bf6be40ce9c07c6668241600593cd405b Mon Sep 17 00:00:00 2001
From: veselcraft
Date: Tue, 19 Jul 2022 23:40:17 +0300
Subject: [PATCH] VKAPI: Fix 2FA compatibility with alternative clients VKAPI: Fix crash when trying to call Messages.getConversations method
---
 VKAPI/Handlers/Messages.php | 2 +-
 Web/Presenters/VKAPIPresenter.php | 26 ++++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/VKAPI/Handlers/Messages.php b/VKAPI/Handlers/Messages.php
index 456e31df..2dd4d4ff 100644
--- a/VKAPI/Handlers/Messages.php
+++ b/VKAPI/Handlers/Messages.php
@@ -220,7 +220,7 @@ final class Messages extends VKAPIRequestHandler
 return (object) [
 "count" => sizeof($list),
 "items" => $list,
- "profiles" => (new APIUsers)->get(implode(',', $users), $fields, $offset, $count)
+ "profiles" => (!empty($users) ? (new APIUsers)->get(implode(',', $users), $fields, $offset, $count) : [])
 ];
 }
 }
diff --git a/Web/Presenters/VKAPIPresenter.php b/Web/Presenters/VKAPIPresenter.php
index 5e1959e5..a26a25b9 100644
--- a/Web/Presenters/VKAPIPresenter.php
+++ b/Web/Presenters/VKAPIPresenter.php
@@ -42,6 +42,24 @@ final class VKAPIPresenter extends OpenVKPresenter
 exit(json_encode($payload));
 }
+
+ private function twofaFail(int $userId): void
+ {
+ header("HTTP/1.1 401 Unauthorized");
+ header("Content-Type: application/json");
+
+ $payload = [
+ "error" => "need_validation",
+ "error_description" => "use app code",
+ "validation_type" => "2fa_app",
+ "validation_sid" => "2fa_".$userId."_2839041_randommessdontread",
+ "phone_mask" => "+374 ** *** 420",
+ "redirect_url" => "https://http.cat/418", // Not implemented yet :( So there is a photo of cat :3
+ "validation_resend" => "nowhere"
+ ];
+
+ exit(json_encode($payload));
+ }
 private function badMethod(string $object, string $method): void
 {
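Review bot: `validation_sid` in `twofaFail()` is the user id plus a fixed suffix, so it is predictable and the same on every call; if any later code accepts it as proof of a pending validation, it cannot be trusted. Until the validation flow exists, a comment such as `// placeholder only: not a session id, never validate against this value` would keep it from being relied on, and a real implementation should issue a random, server-stored value (for example from `random_bytes()`). `redirect_url` points clients at a third-party host during login and `phone_mask` is a made-up number; both deserve the same "stub" marking, or an instance-owned URL, since a client may open the redirect.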
@@ -249,8 +267,12 @@ final class VKAPIPresenter extends OpenVKPresenter
 $user = (new Users)->get($uId);
 $code = $this->requestParam("code");
- if($user->is2faEnabled() && !($code === (new Totp)->GenerateToken(Base32::decode($user->get2faSecret())) || $user->use2faBackupCode((int) $code)))
- $this->fail(28, "Invalid 2FA code", "internal", "acquireToken");
+ if($user->is2faEnabled() && !($code === (new Totp)->GenerateToken(Base32::decode($user->get2faSecret())) || $user->use2faBackupCode((int) $code))) {
+ if($this->requestParam("2fa_supported") == "1")
+ $this->twofaFail($user->getId());
+ else
+ $this->fail(28, "Invalid 2FA code", "internal", "acquireToken");
+ }
 $token = new APIToken;
 $token->setUser($user);
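Review bot: The re-added 2FA check still compares the submitted code with `===`, and nothing visible in this hunk throttles repeated wrong codes, on either the new `need_validation` path or the old error 28 path. Assuming `GenerateToken()` returns a string, a constant-time comparison such as `hash_equals((new Totp)->GenerateToken(Base32::decode($user->get2faSecret())), (string) $code)` is the safer form, and a per-user failed-attempt limit belongs before this check if one is not already enforced elsewhere. A missing `code` also reaches `use2faBackupCode((int) $code)` as `0`, so it is worth confirming that value can never match a backup code. The flag test `== "1"` is loose where the rest of the condition is strict; `=== "1"` would be consistent, and braces on the inner `if`/`else` would avoid a dangling-else mistake later. The enclosing method starts and ends outside the hunk.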