atomaka/budget
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

Require authentication for most endpoints (#29)

Browse source 
Reviewed-on: #29
This commit is contained in:
Andrew Tomaka 2024-09-08 21:07:51 -04:00
parent 0f95034e8e
commit c64550785e
15 changed files with 84 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

10
app/controllers/sessions_controller.rb
View file

@ -1,4 +1,5 @@
class SessionsController < ApplicationController
require_unregistered_user only: %i[new create]
# GET /sessions/new
def new
@session = Session.new
@ -11,9 +12,8 @@ class SessionsController < ApplicationController
respond_to do |format|
if @session.save
session[:current_user_id] = @session.user_id
Rails.logger.info("ID: #{@session.user_id}")
format.html { redirect_to root_url, notice: "Session was successfully created." }
format.html { redirect_to redirect_url, notice: "Session was successfully created." }
format.json { render :show, status: :created, location: @session }
else
format.html { render :new, status: :unprocessable_entity, alert: @session.errors }
@ -27,12 +27,16 @@ class SessionsController < ApplicationController
session[:current_user_id] = nil
respond_to do |format|
format.html { redirect_to root_url, notice: "Session was successfully destroyed." }
format.html { redirect_to new_session_url, notice: "Session was successfully destroyed." }
format.json { head :no_content }
end
end
private
def redirect_url
session.delete(:return_url) || root_url
end
# Only allow a list of trusted parameters through.
def session_params
params.require(:session).permit(:email, :password)