Require authentication for most endpoints #29
1 changed files with 5 additions and 1 deletions
|
@ -13,7 +13,7 @@ class SessionsController < ApplicationController
|
||||||
if @session.save
|
if @session.save
|
||||||
session[:current_user_id] = @session.user_id
|
session[:current_user_id] = @session.user_id
|
||||||
|
|
||||||
format.html { redirect_to root_url, notice: "Session was successfully created." }
|
format.html { redirect_to redirect_url, notice: "Session was successfully created." }
|
||||||
format.json { render :show, status: :created, location: @session }
|
format.json { render :show, status: :created, location: @session }
|
||||||
else
|
else
|
||||||
format.html { render :new, status: :unprocessable_entity, alert: @session.errors }
|
format.html { render :new, status: :unprocessable_entity, alert: @session.errors }
|
||||||
|
@ -33,6 +33,10 @@ class SessionsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
def redirect_url
|
||||||
|
session.delete(:return_url) || root_url
|
||||||
|
end
|
||||||
|
|
||||||
# Only allow a list of trusted parameters through.
|
# Only allow a list of trusted parameters through.
|
||||||
def session_params
|
def session_params
|
||||||
params.require(:session).permit(:email, :password)
|
params.require(:session).permit(:email, :password)
|
||||||
|
|
Loading…
Reference in a new issue