summaryrefslogtreecommitdiff
path: root/app/controllers/sessions_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r--app/controllers/sessions_controller.rb72
1 files changed, 28 insertions, 44 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b035ea0..5d96b3e 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,52 +1,25 @@
class SessionsController < ApplicationController
- before_action :set_session, only: [:show, :edit, :update, :destroy]
-
- # GET /sessions
- # GET /sessions.json
- def index
- @sessions = Session.all
- end
-
- # GET /sessions/1
- # GET /sessions/1.json
- def show
- end
# GET /sessions/new
def new
- @session = Session.new
- end
-
- # GET /sessions/1/edit
- def edit
end
# POST /sessions
# POST /sessions.json
def create
- @session = Session.new(session_params)
+ # find the user...
+ user = User.find_by_email(params[:username_or_email].to_s) || User.find_by_user_name(params[:username_or_email].to_s)
+ #@session = Session.new(@user)
+ # ... and create a new session
respond_to do |format|
- if @session.save
- format.html { redirect_to @session, notice: 'Session was successfully created.' }
- format.json { render action: 'show', status: :created, location: @session }
+ if user && user.authenticate(params[:password].to_s)
+ sign_in user
+ format.html { redirect_to root_path, notice: "Welcome, #{user.name}" } # TODO; previous URL
+ #format.json { # TODO }
else
format.html { render action: 'new' }
- format.json { render json: @session.errors, status: :unprocessable_entity }
- end
- end
- end
-
- # PATCH/PUT /sessions/1
- # PATCH/PUT /sessions/1.json
- def update
- respond_to do |format|
- if @session.update(session_params)
- format.html { redirect_to @session, notice: 'Session was successfully updated.' }
- format.json { head :no_content }
- else
- format.html { render action: 'edit' }
- format.json { render json: @session.errors, status: :unprocessable_entity }
+ format.json { render json: user.errors, status: :unprocessable_entity }
end
end
end
@@ -54,21 +27,32 @@ class SessionsController < ApplicationController
# DELETE /sessions/1
# DELETE /sessions/1.json
def destroy
- @session.destroy
+ #@session.destroy
+ sign_out
respond_to do |format|
- format.html { redirect_to sessions_url }
+ format.html { redirect_to root_path }
format.json { head :no_content }
end
end
private
- # Use callbacks to share common setup or constraints between actions.
- def set_session
- @session = Session.find(params[:id])
+
+ # Only allow creating a session if not logged in.
+ def check_create
+ unless current_user.nil?
+ respond_to do |format|
+ format.html { redirect_to root_path, notice: "You are already logged in" } # TODO: previous URL
+ format.json { render json: {"errors" => ["already logged in"]}, status: :forbidden }
+ end
+ end
end
- # Never trust parameters from the scary internet, only allow the white list through.
- def session_params
- params.require(:session).permit(:user_id, :token)
+ def check_delete
+ unless signed_in?
+ respond_to do |format|
+ format.html { redirect_to root_path, notice: "You are not logged in" } # TODO: previous URL
+ format.json { render json: {"errors" => ["not logged in"]}, status: :forbidden }
+ end
+ end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 08:58:48 +0000