Exemplo n.º 1
 /**
  * @inheritdoc
  */
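 public function authenticate($user, $request, $response)
 {
     // Two mutually exclusive paths, selected by whether $this->auth is set:
     //   1. $this->auth set  -> username/password are handed to that callable.
     //   2. otherwise        -> a signed JWT is read from the "x-apitoken" header and
     //                          its "token" claim is exchanged for an identity.
     // Returns the identity on success and null when no credentials were presented.

     // NOTE(review): the parent's return value is discarded and the parent class is not
     // visible here. If it already evaluates the same credentials, the work below runs
     // twice per request; confirm this call is intentional.
     parent::authenticate($user, $request, $response);
     $username = $request->getAuthUser();
     $password = $request->getAuthPassword();
     $headers = Yii::$app->request->headers;

     if ($this->auth) {
         if ($username === null && $password === null) {
             // No credentials presented on this path.
             return null;
         }

         $identity = call_user_func($this->auth, $username, $password);
         if ($identity !== null) {
             $user->switchIdentity($identity);
         } else {
             $this->handleFailure($response);
         }
         return $identity;
     }

     if (!$headers->has('x-apitoken')) {
         return null;
     }

     // The accepted algorithm is pinned to HS256, so the token header cannot select a
     // different one.
     // NOTE(review): the HMAC key is params['security-salt']; confirm it is a long random
     // secret that is not shared with other uses and is kept out of version control.
     try {
         $decoded = JWT::decode($headers->get('x-apitoken'), Yii::$app->params['security-salt'], array('HS256'));
     } catch (\Exception $e) {
         // A malformed, expired or wrongly signed token is an authentication failure,
         // not an unhandled error. handleFailure() is called outside the try block
         // semantics: anything it throws propagates to the caller unchanged.
         $this->handleFailure($response);
         return null;
     }

     if (!isset($decoded->token) || $decoded->token === '') {
         // Validly signed token without a usable "token" claim. The original fell
         // through to `return $identity` with $identity undefined; return null explicitly.
         return null;
     }

     $identity = $user->loginByAccessToken($decoded->token, get_class($this));
     if ($identity === null) {
         $this->handleFailure($response);
         // Stop here even if handleFailure() is overridden so that it returns: the
         // original went on to dereference $identity->username on null.
         return null;
     }

     // Fail closed when the "username" claim is absent or does not match the identity the
     // access token resolved to. The original compared the two but returned $identity on
     // both outcomes, so the comparison had no effect.
     // NOTE(review): loginByAccessToken() has presumably already set the identity on
     // $user at this point; this relies on handleFailure() aborting the request - confirm.
     if (!isset($decoded->username)
         || !is_string($decoded->username)
         || (string) $identity->username !== $decoded->username
     ) {
         $this->handleFailure($response);
         return null;
     }

     return $identity;
 }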