Require authentication for most endpoints #29

Merged
atomaka merged 4 commits from authorization into main 2024-09-08 21:07:51 -04:00
Showing only changes of commit 396d1be2a8 - Show all commits

View file

@ -13,7 +13,7 @@ class SessionsController < ApplicationController
if @session.save
session[:current_user_id] = @session.user_id
format.html { redirect_to root_url, notice: "Session was successfully created." }
format.html { redirect_to redirect_url, notice: "Session was successfully created." }
format.json { render :show, status: :created, location: @session }
else
format.html { render :new, status: :unprocessable_entity, alert: @session.errors }
@ -33,6 +33,10 @@ class SessionsController < ApplicationController
end
private
def redirect_url
session.delete(:return_url) || root_url
end
# Only allow a list of trusted parameters through.
def session_params
params.require(:session).permit(:email, :password)