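/**
 * Authorizes a user token: the token must still be valid, the user it was
 * issued for must still exist and be active, and the password value carried
 * by the token's user must match the one currently stored for that user.
 *
 * This is based on sessions, so the token will only be valid during a
 * session lifetime. Re-checking the password against the persisted user
 * presumably means a password change invalidates tokens issued before it
 * (NOTE(review): confirm against the token issuer / getCurrentUser()).
 *
 * @param string $token
 *
 * @return bool True only when the token is valid and bound to an active user
 *              whose stored password equals the one carried by the token.
 */
protected function authorizeUserToken($token)
{
    if ($this->userTokenIsValid($token) === false) {
        return false;
    }

    $currentUser = $this->getCurrentUser($token);

    try {
        $realUser = $this->userFacade->getActiveUserById($currentUser->getIdUser());
    } catch (UserNotFoundException $e) {
        // Unknown or inactive user: the token is no longer authorized.
        return false;
    }

    $storedPassword = $realUser->getPassword();
    $tokenPassword = $currentUser->getPassword();

    // A missing password on either side must not authorize the token
    // (a plain `null === null` would have passed the old check).
    if (!is_string($storedPassword) || !is_string($tokenPassword)) {
        return false;
    }

    // Constant-time comparison: the password value is secret material, and a
    // plain `===` on strings can leak how many leading bytes match via timing.
    return hash_equals($storedPassword, $tokenPassword);
}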