Add external authenticator (social login) API

Allows registrations to be completed with a pre-confirmed email address
and no password.

src/Api/AccessToken.php

@@ -12,6 +12,7 @@ namespace Flarum\Api;
 
 use Flarum\Core\Model;
 use DateTime;
+use Exception;
 
 /**
  * @todo document database columns with @property
@@ -55,14 +56,13 @@ class AccessToken extends Model
     }
 
     /**
-     * Get the given token only if it is valid.
+     * Check that the token has not expired.
      *
-     * @param string $token
-     * @return static|null
+     * @return bool
      */
-    public static function valid($token)
+    public function isValid()
     {
-        return static::where('id', $token)->where('expires_at', '>', new DateTime)->first();
+        return $this->expires_at > new DateTime;
     }
 
     /**

src/Api/Actions/Users/CreateAction.php

@@ -73,8 +73,12 @@ class CreateAction extends BaseCreateAction
      */
     protected function create(JsonApiRequest $request)
     {
-        return $this->bus->dispatch(
+        $user = $this->bus->dispatch(
             new RegisterUser($request->actor, $request->get('data'))
         );
+
+        $request->actor = $user;
+
+        return $user;
     }
 }

src/Api/Middleware/LoginWithHeader.php

@@ -50,7 +50,7 @@ class LoginWithHeader implements MiddlewareInterface
         if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) {
             $token = substr($parts[0], strlen($this->prefix));
 
-            if ($accessToken = AccessToken::valid($token)) {
+            if (($accessToken = AccessToken::find($token)) && $accessToken->isValid()) {
                 $this->app->instance('flarum.actor', $user = $accessToken->user);
 
                 $user->updateLastSeen()->save();