/**
* Authenticates the current user.
*
* @param \yii\web\User $user
* @param \yii\web\Request $request
* @param \yii\web\Response $response
*
* @return \yii\web\IdentityInterface the authenticated user identity. If authentication information is not
* provided, null will be returned.
* @throws \yii\web\UnauthorizedHttpException if authentication information is provided but is invalid.
*/
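public function authenticate($user, $request, $response)
{
    // The raw body is client-controlled. Malformed JSON must end in the same 401 as a
    // bad token rather than escaping as an unhandled decode exception.
    try {
        /** @noinspection PhpUndefinedFieldInspection */
        $payload = Json::decode($request->rawBody);
    } catch (\yii\base\InvalidParamException $e) {
        // Json::decode() reports invalid JSON with InvalidArgumentException, which extends
        // InvalidParamException in Yii >= 2.0.14; older releases throw the parent directly.
        $payload = null;
    }

    // An empty body decodes to null and a bare JSON scalar has no path to look up.
    $token = is_array($payload)
        ? ArrayHelper::getValue($payload, $this->accessTokenPath)
        : null;

    // Only a non-empty string may reach the identity lookup. A JSON array or object at the
    // token path would otherwise be handed to loginByAccessToken() as a PHP array.
    // NOTE(review): how the identity class uses the token is not visible here; if it builds
    // a query condition from it, an array value would change the condition's meaning.
    $identity = null;
    if (is_string($token) && $token !== '') {
        $identity = $user->loginByAccessToken($token);
    }

    if (!$identity) {
        // NOTE(review): a missing token is rejected with 401 exactly like an invalid one, so
        // this method never returns null; the @return description should be reconciled.
        \Yii::$app->session->remove(TokenAuth::DEFAULT_TOKEN_PATH);
        throw new UnauthorizedHttpException('Incorrect or expired token provided');
    }

    // The accepted token is kept in the session, so session storage now holds a live
    // credential and needs the same protection and expiry as the token itself.
    // NOTE(review): the session key is the class constant, while the request lookup uses
    // $this->accessTokenPath; confirm the two are meant to differ when the path is overridden.
    \Yii::$app->session->set(TokenAuth::DEFAULT_TOKEN_PATH, $token);

    return $identity;
}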