VKAPI: Fix 2FA compatibility with alternative clients

VKAPI: Fix crash when trying to call Messages.getConversations method
veselcraft 2022-07-19 23:40:17 +03:00
parent eb857d2e55
commit f5bec29bf6
No known key found for this signature in database
GPG key ID: AED66BC1AC628A4E
2 changed files with 25 additions and 3 deletions


@ -220,7 +220,7 @@ final class Messages extends VKAPIRequestHandler
return (object) [ return (object) [
"count" => sizeof($list), "count" => sizeof($list),
"items" => $list, "items" => $list,
"profiles" => (new APIUsers)->get(implode(',', $users), $fields, $offset, $count) "profiles" => (!empty($users) ? (new APIUsers)->get(implode(',', $users), $fields, $offset, $count) : [])
]; ];
} }
} }
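Review bot: The `profiles` lookup on the new side still passes the conversation paging values `$offset` and `$count` to `(new APIUsers)->get(...)`. If that method applies them to the id list (its signature is not visible here), a request with a non-zero offset would drop profiles for users that do appear in `items`. Unless that is intended, page the profile lookup independently, e.g. `(new APIUsers)->get(implode(',', $users), $fields, 0, count($users))`. The enclosing method starts outside the hunk.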


@ -43,6 +43,24 @@ final class VKAPIPresenter extends OpenVKPresenter
exit(json_encode($payload)); exit(json_encode($payload));
} }
private function twofaFail(int $userId): void
{
header("HTTP/1.1 401 Unauthorized");
header("Content-Type: application/json");
$payload = [
"error" => "need_validation",
"error_description" => "use app code",
"validation_type" => "2fa_app",
"validation_sid" => "2fa_".$userId."_2839041_randommessdontread",
"phone_mask" => "+374 ** *** 420",
"redirect_url" => "https://http.cat/418", // Not implemented yet :( So there is a photo of cat :3
"validation_resend" => "nowhere"
];
exit(json_encode($payload));
}
private function badMethod(string $object, string $method): void private function badMethod(string $object, string $method): void
{ {
$this->fail(3, "Unknown method passed.", $object, $method); $this->fail(3, "Unknown method passed.", $object, $method);
@ -249,8 +267,12 @@ final class VKAPIPresenter extends OpenVKPresenter
$user = (new Users)->get($uId); $user = (new Users)->get($uId);
$code = $this->requestParam("code"); $code = $this->requestParam("code");
if($user->is2faEnabled() && !($code === (new Totp)->GenerateToken(Base32::decode($user->get2faSecret())) || $user->use2faBackupCode((int) $code))) if($user->is2faEnabled() && !($code === (new Totp)->GenerateToken(Base32::decode($user->get2faSecret())) || $user->use2faBackupCode((int) $code))) {
$this->fail(28, "Invalid 2FA code", "internal", "acquireToken"); if($this->requestParam("2fa_supported") == "1")
$this->twofaFail($user->getId());
else
$this->fail(28, "Invalid 2FA code", "internal", "acquireToken");
}
$token = new APIToken; $token = new APIToken;
$token->setUser($user); $token->setUser($user);
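Review bot: The `validation_sid` built in twofaFail() is just the user id plus a fixed suffix, so it is predictable and not tied to this login attempt; if a later validation endpoint ever trusts it as proof that the password step passed, it could be guessed for any account. Consider an opaque per-attempt value stored server-side with an expiry, e.g. `"validation_sid" => "2fa_" . bin2hex(random_bytes(16)),`, or at least a comment stating that the field is a placeholder and must never be accepted as input. In the token-acquisition hunk the TOTP check still uses `$code === (new Totp)->GenerateToken(...)`, which is not a constant-time comparison; `hash_equals($expected, (string) $code)` is the usual form, and no attempt limiting is visible here, though it may exist outside the hunk. The new `== "1"` test on `2fa_supported` would read better as `=== "1"`. The function containing the 2FA check starts and ends outside the hunk.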