Refactored auth methods.

framework/rest/QueryParamAuth.php

@@ -0,0 +1,52 @@
+<?php
+/**
+ * @link http://www.yiiframework.com/
+ * @copyright Copyright (c) 2008 Yii Software LLC
+ * @license http://www.yiiframework.com/license/
+ */
+
+namespace yii\rest;
+
+use Yii;
+use yii\base\Component;
+use yii\web\UnauthorizedHttpException;
+
+/**
+ * QueryParamAuth implements the authentication method based on the access token passed through a query parameter.
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @since 2.0
+ */
+class QueryParamAuth extends Component implements AuthInterface
+{
+	/**
+	 * @var string the parameter name for passing the access token
+	 */
+	public $tokenParam = 'access-token';
+
+	/**
+	 * @inheritdoc
+	 */
+	public function authenticate($user, $request, $response)
+	{
+		$accessToken = $request->get($this->tokenParam);
+		if (is_string($accessToken)) {
+			$identity = $user->loginByAccessToken($accessToken);
+			if ($identity !== null) {
+				return $identity;
+			}
+		}
+		if ($accessToken !== null) {
+			$this->handleFailure($response);
+		}
+		return null;
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function handleFailure($response)
+	{
+		throw new UnauthorizedHttpException('You are requesting with an invalid access token.');
+	}
+}