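/**
 * Authorises an account-related action against the current session.
 *
 * The two password-reset actions are always permitted (no session to compare
 * against). Every other action requires the `id` query parameter to match the
 * logged-in user's id, except `delete-token`, where `id` is a token id and the
 * referenced token must belong to the logged-in user.
 *
 * @param string $action the action id being checked
 * @return bool true when the caller may proceed, false otherwise
 */
private function _validateAccountParameters($action)
{
    // Unauthenticated flows: nothing to compare against a session.
    if ($action === 'request-password-reset' || $action === 'reset-password') {
        return true;
    }

    $id = \yii::$app->getRequest()->getQueryParam('id');
    $userId = \Yii::$app->user->id;

    // A missing, empty or non-scalar id, or a guest session, can never match.
    // The previous loose comparison let a guest (null user id) equal an empty
    // `id` parameter, so both sides are now rejected explicitly.
    if ($id === null || $id === '' || !is_scalar($id) || $userId === null) {
        return false;
    }

    // Compare as strings with ===: the query parameter arrives as a string
    // while the user id is typically an int, and loose == has edge cases.
    if ($action !== 'delete-token') {
        return (string) $userId === (string) $id;
    }

    // delete-token: `id` names a token; only its owner may delete it (for now).
    $token = models\common\AuthenticationToken::findOne(['id' => $id]);
    if ($token === null) {
        return false;
    }

    return (string) $token->user_id === (string) $userId;
}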
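/**
 * Deletes an authentication token owned by the current user and redirects
 * back to that user's token list.
 *
 * @param int|string $id the token id taken from the request
 * @return \yii\web\Response redirect to the `tokens` action for the owner
 * @throws \yii\web\NotFoundHttpException when token authentication is disabled
 *         or no token with the given id exists
 * @throws \yii\web\ForbiddenHttpException when the token belongs to another user
 */
public function actionDeleteToken($id)
{
    if (!\Yii::$app->controller->module->params['enableTokenAuthentication']) {
        throw new \yii\web\NotFoundHttpException('Page not found.');
    }

    $token = AuthenticationToken::findOne($id);
    // findOne() returns null for an unknown id; dereferencing it blindly
    // would fail on `$token->user_id` below.
    if ($token === null) {
        throw new \yii\web\NotFoundHttpException('Page not found.');
    }

    // Ownership is checked here as well, so this action does not depend on a
    // before-action filter being configured. String comparison avoids the
    // int-vs-string pitfalls of a loose == between the two ids.
    $caller = $token->user_id;
    if ((string) $caller !== (string) \Yii::$app->user->id) {
        throw new \yii\web\ForbiddenHttpException('You may only delete your own tokens.');
    }

    // NOTE(review): a destructive action like this is normally limited to POST
    // (e.g. via VerbFilter); that configuration is not visible from here — confirm.
    $token->delete();

    // Return the response so the redirect is the action's result.
    return $this->redirect(['tokens', 'id' => $caller]);
}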
/**
 * @inheritdoc
 *
 * Looks the supplied access token up in the `token_hash` column and returns
 * the owning user of the matching record, or null when no record matches.
 * `$type` is accepted for interface compatibility and is not used.
 *
 * NOTE(review): the raw `$token` value is compared against a column named
 * `token_hash`; confirm whether tokens are stored hashed (then the lookup
 * should hash the presented value first) or whether the column is simply
 * misnamed.
 */
public static function findIdentityByAccessToken($token, $type = null)
{
    $record = AuthenticationToken::findOne(['token_hash' => $token]);
    if ($record === null) {
        return null;
    }

    return $record->user;
}