Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r-- | app/controllers/sessions_controller.rb | 72 |
1 files changed, 28 insertions, 44 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b035ea0..5d96b3e 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,52 +1,25 @@
 class SessionsController < ApplicationController
- before_action :set_session, only: [:show, :edit, :update, :destroy]
-
- # GET /sessions
- # GET /sessions.json
- def index
- @sessions = Session.all
- end
-
- # GET /sessions/1
- # GET /sessions/1.json
- def show
- end
 
 # GET /sessions/new
 def new
- @session = Session.new
- end
-
- # GET /sessions/1/edit
- def edit
 end
 
 # POST /sessions
 # POST /sessions.json
 def create
- @session = Session.new(session_params)
+ # find the user...
+ user = User.find_by_email(params[:username_or_email].to_s) || User.find_by_user_name(params[:username_or_email].to_s)
+ #@session = Session.new(@user)
+ # ... and create a new session
 
 respond_to do |format|
- if @session.save
- format.html { redirect_to @session, notice: 'Session was successfully created.' }
- format.json { render action: 'show', status: :created, location: @session }
+ if user && user.authenticate(params[:password].to_s)
+ sign_in user
+ format.html { redirect_to root_path, notice: "Welcome, #{user.name}" } # TODO; previous URL
+ #format.json { # TODO }
 else
 format.html { render action: 'new' }
- format.json { render json: @session.errors, status: :unprocessable_entity }
- end
- end
- end
-
- # PATCH/PUT /sessions/1
- # PATCH/PUT /sessions/1.json
- def update
- respond_to do |format|
- if @session.update(session_params)
- format.html { redirect_to @session, notice: 'Session was successfully updated.' }
- format.json { head :no_content }
- else
- format.html { render action: 'edit' }
- format.json { render json: @session.errors, status: :unprocessable_entity }
+ format.json { render json: user.errors, status: :unprocessable_entity }
 end
 end
 end
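Review bot: The failure branch of `create` calls `user.errors` on the new `format.json` line even when `user` is nil (unknown username or e-mail), so a JSON login attempt with an unknown identifier raises NoMethodError instead of returning an error, and the success branch has no `format.json` at all (only the `#format.json { # TODO }` placeholder), so a JSON client that authenticates correctly gets ActionController::UnknownFormat. Both branches should answer with one generic message and a 401 regardless of whether the identifier or the password was wrong, which also avoids telling a caller which of the two exists. If `sign_in` stores the user id in the Rails session (its definition is not in this diff), call `reset_session` before it so the session id issued before authentication is not carried over. The `#@session = Session.new(@user)` line is dead code left from the scaffold and can go.
```ruby
    respond_to do |format|
      if user && user.authenticate(params[:password].to_s)
        reset_session # drop the pre-login session id before sign_in writes the new identity
        sign_in user
        format.html { redirect_to root_path, notice: "Welcome, #{user.name}" }
        format.json { head :created }
      else
        format.html { render action: 'new', status: :unauthorized }
        # user may be nil here, so do not touch user.errors; one generic message for both cases
        format.json { render json: { "errors" => ["invalid username/email or password"] }, status: :unauthorized }
      end
    end
```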
@@ -54,21 +27,32 @@ class SessionsController < ApplicationController
 # DELETE /sessions/1
 # DELETE /sessions/1.json
 def destroy
- @session.destroy
+ #@session.destroy
+ sign_out
 respond_to do |format|
- format.html { redirect_to sessions_url }
+ format.html { redirect_to root_path }
 format.json { head :no_content }
 end
 end
 
 private
- # Use callbacks to share common setup or constraints between actions.
- def set_session
- @session = Session.find(params[:id])
+
+ # Only allow creating a session if not logged in.
+ def check_create
+ unless current_user.nil?
+ respond_to do |format|
+ format.html { redirect_to root_path, notice: "You are already logged in" } # TODO: previous URL
+ format.json { render json: {"errors" => ["already logged in"]}, status: :forbidden }
+ end
+ end
 end
 
- # Never trust parameters from the scary internet, only allow the white list through.
- def session_params
- params.require(:session).permit(:user_id, :token)
+ def check_delete
+ unless signed_in?
+ respond_to do |format|
+ format.html { redirect_to root_path, notice: "You are not logged in" } # TODO: previous URL
+ format.json { render json: {"errors" => ["not logged in"]}, status: :forbidden }
+ end
+ end
 end
 end
|
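Review bot: `check_create` and `check_delete` are added as private methods but nothing in the new file registers them — the only `before_action` line (`:set_session`) is removed in the first hunk and no replacement is added — so the "already logged in" / "not logged in" guards never run and `create` and `destroy` stay reachable in either state. Add `before_action :check_create, only: :create` and `before_action :check_delete, only: :destroy` at the top of the class (the class header is in the first hunk), assuming these helpers are meant as filters as their comment suggests. The two guards also test the same condition two ways (`unless current_user.nil?` versus `unless signed_in?`); using `unless signed_in?` / `if signed_in?` in both keeps them consistent and avoids the double negative. The commented-out `#@session.destroy` in `destroy` is scaffold residue and can be removed.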