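/**
 * Login/register callback via email.
 *
 * Resolves a token of type UserToken::TYPE_EMAIL_LOGIN and either logs the linked
 * user in or registers a new account for the address stored on the token.
 *
 * Flow:
 *  - unknown token: returns ["error" => "Invalid token"];
 *  - token linked to a user: the token is deleted, then the auth result is returned;
 *  - no linked user and no post data: returns the token's email (the token is kept
 *    for the follow-up request that carries the registration form);
 *  - no linked user and post data: validates, saves user and profile, deletes the
 *    token and returns the auth result, or returns the collected model errors.
 *
 * The token is only deleted and an auth result only issued once both saves have
 * reported success, so a failed save can no longer burn the token or authenticate
 * an account that was never persisted.
 *
 * @param string $token     Token value handed to UserToken::findByToken() (string assumed).
 * @param bool   $jwtCookie Passed through unchanged to generateAuthSuccess().
 *                          NOTE(review): if action parameters are bound from the request,
 *                          this flag is client-controlled; confirm that is intended.
 * @return array One of ["error" => string], ["errors" => array],
 *               ["success" => true, "email" => mixed] or ["success" => mixed].
 */
public function actionLoginCallback($token, $jwtCookie = true)
{
    /** @var User $user */

    // Only tokens of the e-mail login type are accepted here.
    $userToken = UserToken::findByToken($token, UserToken::TYPE_EMAIL_LOGIN);
    if (!$userToken) {
        return ["error" => "Invalid token"];
    }

    // Existing account: on this path the token's data field is used as the remember-me value.
    $rememberMe = $userToken->data;
    $user = $userToken->user;
    if ($user) {
        // Delete the token before issuing the auth result; a deleted token should
        // no longer resolve on a later request.
        $userToken->delete();
        return ["success" => $this->generateAuthSuccess($user, $rememberMe, $jwtCookie)];
    }

    // No linked account: registration. Without post data, hand back the address from the token.
    $user = new User();
    $profile = new Profile();
    if (!$user->loadPost()) {
        return ["success" => true, "email" => $userToken->data];
    }

    // The email always comes from the token, never from the posted form, so the
    // account can only be created for the address the token was issued to.
    // NOTE(review): every other attribute populated by loadPost() is still
    // client-supplied; confirm loadPost() only accepts attributes a registrant may set.
    $user->email = $userToken->data;
    $rememberMe = 1;

    // Validate both models before bailing out so the caller receives every error at once.
    $userValidate = $user->validate();
    $profileValidate = $profile->loadPostAndValidate();
    if (!$userValidate || !$profileValidate) {
        return ["errors" => array_merge($user->errors, $profile->errors)];
    }

    // Role and status are assigned server-side after the post data was loaded.
    // save() is assumed to return false on failure (ActiveRecord-style); its result
    // was previously ignored, which let the code below run for an unsaved user.
    if (!$user->setRegisterAttributes(Role::ROLE_USER, User::STATUS_ACTIVE)->save()) {
        return ["errors" => array_merge($user->errors, $profile->errors)];
    }

    // NOTE(review): user and profile are saved in two steps with no visible
    // transaction; if this save fails the user row may already exist. Confirm
    // whether the caller or the models wrap this in a transaction.
    if (!$profile->setUser($user->id)->save()) {
        return ["errors" => array_merge($user->errors, $profile->errors)];
    }

    // Both records are persisted: consume the token, then issue the auth result.
    $userToken->delete();
    return ["success" => $this->generateAuthSuccess($user, $rememberMe, $jwtCookie)];
}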