Esempio n. 1
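 /**
  * Decide whether the current user may run $action against the `id` query parameter.
  *
  * The two password-reset actions are always allowed. Every other action needs
  * an `id` query parameter. For 'delete-token' that id is looked up as an
  * AuthenticationToken whose user_id must match the current user; for any
  * other action the id itself must match the current user's id.
  *
  * @param string $action Action id being checked.
  * @return bool True when the request may proceed, false otherwise.
  */
 private function _validateAccountParameters($action)
 {
     // Password-reset flows are checked without an account id.
     if ($action === 'request-password-reset' || $action === 'reset-password') {
         return true;
     }

     $id = \Yii::$app->getRequest()->getQueryParam('id');
     $userId = \Yii::$app->user->id;

     // Fail closed for guests, for a missing or empty id, and for an array-valued
     // id (?id[]=...). With loose comparison a guest's null id equals an empty
     // string, so `?id=` would otherwise be accepted for an unauthenticated user.
     if ($userId === null || !is_scalar($id) || (string) $id === '') {
         return false;
     }

     // Compare as strings so numeric juggling ('1e1' == 10, '05' == 5) cannot
     // make two different identifiers look equal.
     $userId = (string) $userId;

     // Any action other than token deletion: the id must be the caller's own account id.
     if ($action !== 'delete-token') {
         return $userId === (string) $id;
     }

     // Token deletion: only the owner of the token may delete it (for now).
     $token = models\common\AuthenticationToken::findOne(['id' => $id]);

     return $token !== null && (string) $token->user_id === $userId;
 }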
Esempio n. 2
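 /**
  * Delete the authentication token with the given id and redirect to the
  * 'tokens' route of the user the token belonged to.
  *
  * @param mixed $id Primary key of the token to delete.
  * @return mixed The result of redirect().
  * @throws \yii\web\NotFoundHttpException When token authentication is disabled
  *         for the module or no token with this id exists.
  */
 public function actionDeleteToken($id)
 {
     if (!\Yii::$app->controller->module->params['enableTokenAuthentication']) {
         throw new \yii\web\NotFoundHttpException('Page not found.');
     }

     // NOTE(review): this action performs no ownership check of its own and
     // does not restrict the HTTP verb. Confirm that an access filter verifies
     // the token belongs to the current user before this runs, and that the
     // route is limited to POST so the delete is covered by CSRF validation.
     $token = AuthenticationToken::findOne($id);

     // An unknown id used to cause a fatal error on the property read below;
     // answer with the same 404 as the disabled-feature case instead.
     if ($token === null) {
         throw new \yii\web\NotFoundHttpException('Page not found.');
     }

     // Remember the owner before the row is gone; it is needed for the redirect.
     $caller = $token->user_id;
     $token->delete();

     return $this->redirect(['tokens', 'id' => $caller]);
 }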
Esempio n. 3
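 /**
  * @inheritdoc
  *
  * Finds the AuthenticationToken whose token_hash column equals $token and
  * returns its related user, or null when no row matches. $type is accepted
  * for interface compatibility and is not used.
  *
  * @param mixed $token Access token presented by the client.
  * @param mixed $type  Unused.
  * @return mixed The token's user, or null.
  */
 public static function findIdentityByAccessToken($token, $type = null)
 {
     // Never let a missing or empty credential reach the query: in a
     // hash-format condition a null value is matched as `IS NULL`, so a row
     // with an unset token_hash could otherwise authenticate a request that
     // presented no token at all.
     if (!is_string($token) || $token === '') {
         return null;
     }

     // NOTE(review): the column is named token_hash but $token is compared as
     // received. Confirm the caller hashes the presented token first; if the
     // column actually holds raw tokens, a database leak exposes usable credentials.
     $model = AuthenticationToken::findOne(['token_hash' => $token]);

     return $model !== null ? $model->user : null;
 }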