/** * @param TokenInterface $token * * @return TokenInterface */ public function authenticate(TokenInterface $token) { $now = new \DateTime(); /** @var ApiUnauthenticatedUserToken $token */ $clientTokenInfos = $this->validateClientToken($token->getClientTokenInfos(), $now); $userTokenInfos = $this->validateUserToken($token->getUserTokenInfos(), $now); $username = $token->getUsername(); if ($token->isImpersonating()) { /** @var ApiUser $sudoer */ $sudoer = $this->userProvider->loadUserByUsername($token->getUsername()); if (!$sudoer->isAllowedToSwitch()) { throw new MissingSudoPrivilegeException(); } $username = $token->getImpersonatedUserInfos()['id']; } return new ApiAuthenticatedUserToken($clientTokenInfos, $userTokenInfos, $this->userProvider->loadUserByUsername($username)); }