1class SessionsController < ApplicationController |
|
3 # |
|
4 before_action :authenticate, except: [ :create ] |
|
5 skip_before_action :verify_authenticity_token, :only => [:create,:destroy,:show] |
|
8 # |
|
|
10 def create |
11 user = User.find_by(email: params[:email]) |
|
12 if user && user.authenticate(params[:password]) |
|
13 session[:user_id] = user.id |
|
14 render status: :ok, text: 'ok' |
|
15 else |
|
16 render status: :unauthorized, text: 'account or password is not correct' |
|
17 end |
|
18 end |
|
|
20 def destroy |
21 session.delete :user_id |
|
22 @current_user &&= nil |
|
23 render status: :ok, nothing: true |
|
24 end |
|
|
26 def show |
27 render 'show' |
|
28 end |
|
29end |