app/models/session.rb

@@ -0,0 +1,22 @@
+class Session
+  include ActiveModel::Model
+
+  include ActiveModel::Attributes
+  include ActiveModel::Validations
+
+  attr_accessor :user_id
+
+  attribute :email, :string
+  attribute :password, :string
+
+  validates :email, presence: true
+  validates :password, presence: true
+
+  def save
+    user = User.authenticate_by(email: email, password: password)
+
+    @user_id = user && user.id
+
+    user.present? && self || nil
+  end
+end

config/routes.rb

@@ -1,4 +1,5 @@
 Rails.application.routes.draw do
+  resources :sessions, only: %i[new create destroy]
   resources :users
   resources :credit_card_bills
   resource :dashboard, only: :show

test/models/session_test.rb

@@ -0,0 +1,25 @@
+require "test_helper"
+
+class SessionTest < ActiveSupport::TestCase
+  def test_save_when_exists
+    user = users(:one)
+
+    session = Session.new(email: user.email, password: "secret")
+
+    assert session.save
+  end
+
+  def test_save_when_not_exists
+    session = Session.new(email: "fake@example.org", password: "secret")
+
+    refute session.save
+  end
+
+  def test_save_when_password_incorrect
+    user = users(:one)
+
+    session = Session.new(email: user.email, password: "bad_password")
+
+    refute session.save
+  end
+end