33 lines
740 B
Ruby
33 lines
740 B
Ruby
class SessionsController < ApplicationController
|
|
allow_unauthenticated_access only: %i[ new create ]
|
|
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { render_rejection :too_many_requests }
|
|
|
|
def new
|
|
end
|
|
|
|
def create
|
|
if user = User.active.authenticate_by(user_params)
|
|
start_new_session_for user
|
|
redirect_to post_authenticating_url
|
|
else
|
|
render_rejection :unauthorized
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
reset_authentication
|
|
|
|
redirect_to root_url
|
|
end
|
|
|
|
private
|
|
def user_params
|
|
params.require(:user).permit(:email_address, :password)
|
|
end
|
|
|
|
def render_rejection(status)
|
|
flash[:alert] = "Too many requests or unauthorized."
|
|
render :new, status: status
|
|
end
|
|
end
|