Files
fizzy/app/controllers/sessions_controller.rb
T
2024-06-21 16:45:29 +01:00

33 lines
740 B
Ruby

class SessionsController < ApplicationController
allow_unauthenticated_access only: %i[ new create ]
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { render_rejection :too_many_requests }
def new
end
def create
if user = User.active.authenticate_by(user_params)
start_new_session_for user
redirect_to post_authenticating_url
else
render_rejection :unauthorized
end
end
def destroy
reset_authentication
redirect_to root_url
end
private
def user_params
params.require(:user).permit(:email_address, :password)
end
def render_rejection(status)
flash[:alert] = "Too many requests or unauthorized."
render :new, status: status
end
end