1class SessionsController < ApplicationController
 
2
 
3  # 
 
4  before_action :authenticate, except: [ :create ]
 
5  skip_before_action :verify_authenticity_token, :only => [:create,:destroy,:show]
 
6
  • remove trailing whitespace » rails_best_practices
7  
 
8  # 
 
 9  
 
10  def create
 
11    user = User.find_by(email: params[:email])
 
12    if user && user.authenticate(params[:password])
 
13      session[:user_id] = user.id
 
14      render status: :ok, text: 'ok'
 
15    else
 
16      render status: :unauthorized, text: 'account or password is not correct'
 
17    end
 
18  end
 
 
20  def destroy
 
21    session.delete :user_id
 
22    @current_user &&= nil
 
23    render status: :ok, nothing: true
 
24  end
 
 
26  def show
 
27    render 'show'
 
28  end
 
29end