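/**
 * Authenticate the current request from an API token.
 *
 * The token is read from the Authorization header or, when that header is
 * absent, from the `access_token` input value. It is accepted when it either
 * resolves to a user through Token::findUserForToken() or equals the API key
 * of the admin user returned by User::getOne(). On success the session is
 * flagged as an API request and its user is refreshed to the matched user.
 *
 * @return \Idno\Entities\User|false the authenticated user, or false when no
 *                                   token was supplied or it matched nothing
 */
private static function authenticate()
{
    $token = '';
    $headers = \Idno\Common\Page::getallheaders();

    if (!empty($headers['Authorization'])) {
        $header = $headers['Authorization'];
        if (is_string($header)) {
            // Remove only a leading "Bearer" scheme (schemes are case-insensitive).
            // Replacing the word anywhere in the value would silently alter a
            // token that happens to contain it.
            $token = trim((string) preg_replace('/^\s*Bearer\s*/i', '', $header));
        }
    } else {
        // NOTE(review): if getInput() also reads the query string, tokens sent
        // this way can end up in access logs and Referer headers; clients
        // should prefer the Authorization header. Confirm against Input.
        $input = \Idno\Core\Input::getInput('access_token');
        if (is_scalar($input)) {
            // Ignore array-shaped input instead of passing it to trim().
            $token = trim((string) $input);
        }
    }

    if (empty($token)) {
        return false;
    }

    // First choice: a token issued to a specific user.
    $found = Token::findUserForToken($token);
    if (!empty($found)) {
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        $user = $found['user'];
        \Idno\Core\Idno::site()->session()->refreshSessionUser($user);

        return $user;
    }

    // Fallback: the site's API token, i.e. the API key of an admin user.
    $admin = \Idno\Entities\User::getOne(['admin' => true]);
    if (empty($admin)) {
        // No admin user exists, so there is no site key to compare against.
        return false;
    }

    $apiKey = $admin->getAPIkey();

    // hash_equals() is a strict, timing-safe string comparison. Loose `==`
    // compares numeric-looking strings by value and returns early on the
    // first differing byte, neither of which is acceptable for a secret.
    // An unset or empty key must never authenticate anyone.
    if (is_string($apiKey) && $apiKey !== '' && hash_equals($apiKey, $token)) {
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        \Idno\Core\Idno::site()->session()->refreshSessionUser($admin);

        return $admin;
    }

    return false;
}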