# controllers/user_sessions_controller.rb class UserSessionsController < ApplicationController def new @user_session = UserSession.new end def create @user_session = UserSession.new(user_session_params) user = User.find_by_username(params[:user_session][:username]) if authenticate_user?(user) create_user_session(user) redirect_to root_path, notice: 'You have been signed in!' else redirect_to signin_path, alert: 'Username or password was incorrect!' end end def destroy cookies.permanent[:user_session] = nil current_session.destroy if current_session redirect_to root_path, notice: 'You have been signed out!' end private def user_session_params params.require(:user_session).permit(:username, :password) end def authenticate_user?(user) user && user.authenticate(params[:user_session][:password]) end def create_user_session(user) user_session = UserSession.new_by_user(user, request.env) cookies.permanent[:user_session] = user_session.key end end