private function _validateAccountParameters($action)
{
if ($action == 'request-password-reset') {
return true;
}
if ($action == 'reset-password') {
return true;
}
$id = \yii::$app->getRequest()->getQueryParam('id');
$userId = \Yii::$app->user->id;
if (!isset($id)) {
return FALSE;
}
//User ID parameter is set and matches current session account-id
//Only users can delete their own tokens (for now)
if ($action != 'delete-token') {
return $userId == $id;
}
//delete token
$token = models\common\AuthenticationToken::findOne(['id' => $id]);
if (isset($token)) {
return $token->user_id == $userId;
}
return FALSE;
}
public function actionDeleteToken($id)
{
if (!\Yii::$app->controller->module->params['enableTokenAuthentication']) {
throw new \yii\web\NotFoundHttpException('Page not found.');
}
$token = AuthenticationToken::findOne($id);
$caller = $token->user_id;
$token->delete();
$this->redirect(['tokens', 'id' => $caller]);
}
/**
* @inheritdoc
*/
public static function findIdentityByAccessToken($token, $type = null)
{
$model = AuthenticationToken::findOne(['token_hash' => $token]);
return isset($model) ? $model->user : NULL;
}