/**
* Check that this token is either a user token or the
* site's API token, and auth the current request for that user if so.
*
* @return \Idno\Entities\User user on success
*/
private static function authenticate()
{
$access_token = \Idno\Core\Input::getInput('access_token');
$headers = \Idno\Common\Page::getallheaders();
if (!empty($headers['Authorization'])) {
$token = $headers['Authorization'];
$token = trim(str_replace('Bearer', '', $token));
} else {
if ($token = \Idno\Core\Input::getInput('access_token')) {
$token = trim($token);
}
}
if (!empty($token)) {
$found = Token::findUserForToken($token);
if (!empty($found)) {
\Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
$user = $found['user'];
\Idno\Core\Idno::site()->session()->refreshSessionUser($user);
return $user;
}
$user = \Idno\Entities\User::getOne(array('admin' => true));
if ($token == $user->getAPIkey()) {
\Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
\Idno\Core\Idno::site()->session()->refreshSessionUser($user);
return $user;
}
}
return false;
}
