/**
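  * Authenticates the user from session data. When the session holds both a user id and a
  * login token, the user is refreshed through the user provider. On every non-exceptional
  * path the request is passed on to $next, whether or not a user was authenticated.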
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface $response
  * @param callable $next
  * @return ResponseInterface
  */
 public function authenticateSession(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 {
     // This middleware only populates $this->user; it never rejects a request itself.
     // Every path below ends in the single $next() call at the bottom.
     $sessionUserId = $this->session->get("security._user");

     if ($sessionUserId !== null) {
         $sessionLoginToken = $this->session->get("security._logintoken");

         if ($sessionLoginToken !== null) {
             // Both halves are present: let the provider re-validate and reload the user.
             // NOTE(review): the return value is stored without inspection. Whether
             // refreshUser() can return null or throw for a stale or mismatched token is
             // not visible here. Confirm, and check that the session keys are cleared
             // somewhere when the refresh fails.
             $this->user = $this->userProvider->refreshUser((string) $sessionUserId, $sessionLoginToken);
         } else {
             // A user id without a login token is an inconsistent session: drop the user id
             // so the session is treated as unauthenticated.
             $this->session->delete("security._user");
         }
     }

     // NOTE(review): $this->user is assigned only on the refresh path and is not reset on
     // the other two. If this object outlives a single request, confirm it is reset elsewhere.
     return $next($request, $response);
 }