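/**
 * @inheritdoc
 *
 * Authenticates the request in one of two ways:
 *  - when `$this->auth` is set, the HTTP Basic credentials are handed to that callable;
 *  - otherwise a signed JWT is read from the `x-apitoken` header and its `token` claim
 *    is used as the access token, with the `username` claim checked against the
 *    identity that the access token resolves to.
 *
 * @param object $user     user component (must provide switchIdentity() and loginByAccessToken())
 * @param object $request  current request (must provide getAuthUser() and getAuthPassword())
 * @param object $response current response, passed on to handleFailure()
 * @return object|null the authenticated identity, or null when no usable credentials were sent
 */
public function authenticate($user, $request, $response)
{
    // NOTE(review): the parent's result is discarded, so any identity it establishes is
    // not what this method returns. Confirm the call is still wanted.
    parent::authenticate($user, $request, $response);

    $username = $request->getAuthUser();
    $password = $request->getAuthPassword();
    // NOTE(review): headers come from the application request, not from $request.
    $headers = Yii::$app->request->headers;

    if ($this->auth) {
        if ($username === null && $password === null) {
            return null;
        }

        $identity = call_user_func($this->auth, $username, $password);
        if ($identity !== null) {
            $user->switchIdentity($identity);
        } else {
            $this->handleFailure($response);
        }

        return $identity;
    }

    if (!$headers->has('x-apitoken')) {
        return null;
    }

    // The header is attacker-controlled: a malformed, expired or badly signed token must
    // end as an authentication failure, not as an unhandled exception.
    // NOTE(review): the exception types assume a firebase/php-jwt style JWT class; confirm.
    // NOTE(review): the HS256 key is read from params['security-salt']; it has to be a
    // high-entropy secret kept out of version control, since anyone holding it can mint tokens.
    try {
        $decoded = JWT::decode($headers->get('x-apitoken'), Yii::$app->params['security-salt'], array('HS256'));
    } catch (\UnexpectedValueException $e) {
        $decoded = null;
    } catch (\DomainException $e) {
        $decoded = null;
    }

    if ($decoded === null) {
        $this->handleFailure($response);

        return null;
    }

    // No usable token claim: report "not authenticated" as before, but without reading
    // an undefined $identity.
    if (!isset($decoded->token) || !is_string($decoded->token) || $decoded->token === '') {
        return null;
    }

    $identity = $user->loginByAccessToken($decoded->token, get_class($this));
    if ($identity === null) {
        $this->handleFailure($response);

        // handleFailure() is defined outside this block; return explicitly so a null
        // identity is never dereferenced if it does not throw.
        return null;
    }

    // The username claim must match the identity the access token resolved to. The
    // previous comparison returned the identity on both outcomes, so it enforced nothing.
    if (!isset($decoded->username)
        || !is_string($decoded->username)
        || (string) $identity->username !== $decoded->username
    ) {
        // loginByAccessToken() has already logged the identity in; revert to guest.
        $user->switchIdentity(null);
        $this->handleFailure($response);

        return null;
    }

    return $identity;
}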