diff options
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r-- | app/controllers/sessions_controller.rb | 61 |
1 files changed, 21 insertions, 40 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index b035ea0..a0390ad 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,52 +1,27 @@ class SessionsController < ApplicationController - before_action :set_session, only: [:show, :edit, :update, :destroy] - - # GET /sessions - # GET /sessions.json - def index - @sessions = Session.all - end - - # GET /sessions/1 - # GET /sessions/1.json - def show - end # GET /sessions/new def new - @session = Session.new - end - - # GET /sessions/1/edit - def edit + @user = User.new + #@session = Session.new end # POST /sessions # POST /sessions.json def create - @session = Session.new(session_params) + # find the user... + @user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email]) + #@session = Session.new(@user) + # ... and create a new session respond_to do |format| - if @session.save - format.html { redirect_to @session, notice: 'Session was successfully created.' } - format.json { render action: 'show', status: :created, location: @session } + if @user && @user.authenticate(params[:session][:password]) + sign_in @user + format.html { redirect_to root_path } + #format.json { #TODO } else format.html { render action: 'new' } - format.json { render json: @session.errors, status: :unprocessable_entity } - end - end - end - - # PATCH/PUT /sessions/1 - # PATCH/PUT /sessions/1.json - def update - respond_to do |format| - if @session.update(session_params) - format.html { redirect_to @session, notice: 'Session was successfully updated.' } - format.json { head :no_content } - else - format.html { render action: 'edit' } - format.json { render json: @session.errors, status: :unprocessable_entity } + format.json { render json: @user.errors, status: :unprocessable_entity } end end end @@ -54,9 +29,10 @@ class SessionsController < ApplicationController # DELETE /sessions/1 # DELETE /sessions/1.json def destroy - @session.destroy + #@session.destroy + sign_out respond_to do |format| - format.html { redirect_to sessions_url } + format.html { redirect_to root_path } format.json { head :no_content } end end @@ -64,11 +40,16 @@ class SessionsController < ApplicationController private # Use callbacks to share common setup or constraints between actions. def set_session - @session = Session.find(params[:id]) + @token = Session.hash_token(cookies[:remember_token]) + @session = Session.find_by(token: @token) end # Never trust parameters from the scary internet, only allow the white list through. def session_params - params.require(:session).permit(:user_id, :token) + params.require(:session).permit(:session_email, :session_user_name, :session_password) + end + + def is_owner?(object) + object.user == current_user end end |