Require authentication for most endpoints #29
1 changed files with 5 additions and 1 deletions
|
@ -13,7 +13,7 @@ class SessionsController < ApplicationController
|
|||
if @session.save
|
||||
session[:current_user_id] = @session.user_id
|
||||
|
||||
format.html { redirect_to root_url, notice: "Session was successfully created." }
|
||||
format.html { redirect_to redirect_url, notice: "Session was successfully created." }
|
||||
format.json { render :show, status: :created, location: @session }
|
||||
else
|
||||
format.html { render :new, status: :unprocessable_entity, alert: @session.errors }
|
||||
|
@ -33,6 +33,10 @@ class SessionsController < ApplicationController
|
|||
end
|
||||
|
||||
private
|
||||
def redirect_url
|
||||
session.delete(:return_url) || root_url
|
||||
end
|
||||
|
||||
# Only allow a list of trusted parameters through.
|
||||
def session_params
|
||||
params.require(:session).permit(:email, :password)
|
||||
|
|
Loading…
Reference in a new issue