tokens->parse($value);
        } catch (Exception) {
            // Any parse failure is reported as the generic INVALID_TOKEN error.
            throw new ForbiddenOperationException(self::INVALID_TOKEN);
        }

        // A token that parses but fails verify() gets the same INVALID_TOKEN error as a
        // malformed one, so the response does not reveal which step rejected it.
        if (!Yii::$app->tokens->verify($token)) {
            throw new ForbiddenOperationException(self::INVALID_TOKEN);
        }

        // Expiry is enforced only while verifyExpiration is set; with the flag off,
        // an expired token passes this step.
        if ($this->verifyExpiration && $token->isExpired(Carbon::now())) {
            throw new ForbiddenOperationException(self::TOKEN_EXPIRED);
        }

        // The account check runs only while verifyAccount is set. The account id is read
        // from the token after the verify() check above. A missing, deleted or banned
        // account is reported as INVALID_TOKEN rather than with a distinct error.
        if ($this->verifyAccount && !$this->validateAccount((new TokenReader($token))->getAccountId())) {
            throw new ForbiddenOperationException(self::INVALID_TOKEN);
        }

        // NOTE(review): null presumably means "no validation error"; the method
        // signature is outside this excerpt, so confirm against it.
        return null;
    }

    /**
     * Checks that the account referenced by a token is still allowed to use it.
     *
     * The lookup excludes deleted accounts via excludeDeleted(), so a deleted account
     * is handled exactly like an id that matches no account.
     *
     * @param int $accountId account id extracted from the token by the caller
     *
     * @return bool true when a non-deleted account with this id exists and its status
     *              is not Account::STATUS_BANNED; false otherwise
     */
    private function validateAccount(int $accountId): bool {
        /** @var Account|null $account */
        $account = Account::find()->excludeDeleted()->andWhere(['id' => $accountId])->one();

        // Only STATUS_BANNED is rejected here; every other status value passes.
        // NOTE(review): the strict !== assumes status is hydrated with the same type as
        // Account::STATUS_BANNED. On a type mismatch the comparison would never match
        // and banned accounts would be accepted. Confirm.
        return $account !== null && $account->status !== Account::STATUS_BANNED;
    }

}