<?php
/**
 * @link http://www.yiiframework.com/
 * @copyright Copyright (c) 2008 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 */

namespace yii\rest;

use Yii;
use yii\base\Component;
use yii\web\UnauthorizedHttpException;

/**
 * HttpBearerAuth implements the authentication method based on HTTP Bearer token.
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @since 2.0
 */
class HttpBearerAuth extends Component implements AuthInterface
{
	/**
	 * @var string the HTTP authentication realm
	 */
	public $realm = 'api';

	/**
	 * @inheritdoc
	 */
	public function authenticate($user, $request, $response)
	{
		$authHeader = $request->getHeaders()->get('Authorization');
		if ($authHeader !== null && preg_match("/^Bearer\\s+(.*?)$/", $authHeader, $matches)) {
			$identity = $user->loginByAccessToken($matches[1]);
			if ($identity !== null) {
				return $identity;
			}

			$this->handleFailure($response);
		}
		return null;
	}

	/**
	 * @inheritdoc
	 */
	public function handleFailure($response)
	{
		$response->getHeaders()->set('WWW-Authenticate', "Bearer realm=\"{$this->realm}\"");
		throw new UnauthorizedHttpException('You are requesting with an invalid access token.');
	}
}