authorLuke Shumaker <shumakl@purdue.edu>2014-04-04 20:35:16 -0400
committerLuke Shumaker <shumakl@purdue.edu>2014-04-04 20:35:16 -0400
commitbcfa571b0328a4b3e94479a31c027621ceb86ad5 (patch)
treeac662a6e8e6be36b311652520b8bcc2a1511741d /app/controllers/sessions_controller.rb
parentd6009eddd6f67a9414ff7d707ae82c053e6653ad (diff)
Implement the new security mechanism
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r--app/controllers/sessions_controller.rb8
1 files changed, 6 insertions, 2 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 1bae258..a0390ad 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,4 @@
class SessionsController < ApplicationController
- before_action :set_session, only: [:destroy]
# GET /sessions/new
def new
@@ -41,11 +40,16 @@ class SessionsController < ApplicationController
private
# Use callbacks to share common setup or constraints between actions.
def set_session
- #@session = Session.find(cookies[:remember_token])
+ @token = Session.hash_token(cookies[:remember_token])
+ @session = Session.find_by(token: @token)
end
# Never trust parameters from the scary internet, only allow the white list through.
def session_params
params.require(:session).permit(:session_email, :session_user_name, :session_password)
end
+
+ def is_owner?(object)
+ object.user == current_user
+ end
end
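Review bot: The new `is_owner?` fails open when both sides are nil: if `current_user` returns nil for an unauthenticated request and `object.user` is also nil, `object.user == current_user` is true and an anonymous caller is treated as the owner. Require a signed-in user first, e.g. `current_user.present? && object.user == current_user`. In `set_session`, `Session.find_by(token: @token)` returns nil when the cookie is missing or matches no row, so callers must handle a nil `@session` before using it; how `Session.hash_token` treats a nil cookie value is not visible here and should be checked. The first hunk drops the `before_action`, and the call sites of both helpers are outside this hunk, so confirm that `destroy` still looks the session up and checks ownership before acting on it.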