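module Admin
  # Admin login/logout. The signed-in state is a single session key
  # (:admin_id); `current_admin` resolves it to an AdminUser for views.
  class SessionsController < ActionController::Base
    layout "admin"

    # ActionController::Base enables CSRF protection by default. Rails only
    # verifies the token on non-GET/HEAD requests, so `create` and `destroy`
    # are covered while the GET `new` action is unaffected; the explicit
    # declaration makes that visible and raises on a missing/invalid token.
    protect_from_forgery with: :exception

    # GET login form. Admins who are already signed in are sent straight to
    # the dashboard instead of seeing the form again.
    def new
      redirect_to admin_dashboard_path if current_admin
    end

    # POST login. Looks the admin up by case-folded email and verifies the
    # password with `authenticate`. On success the session is regenerated
    # before the admin id is stored, so a session id fixed before login is
    # never promoted to an authenticated one. On failure the form is
    # re-rendered with a generic message that does not reveal whether the
    # email exists.
    def create
      # to_s guards against non-String params (e.g. `email[]=x`), which would
      # otherwise raise NoMethodError on #downcase and surface as a 500.
      admin = AdminUser.find_by(email: params[:email].to_s.downcase)

      # NOTE(review): when no admin matches, `authenticate` (and the password
      # hashing behind it) is skipped entirely, so response timing may differ
      # between unknown and known emails. Closing that needs a dummy hash
      # comparison in the miss branch — not changed here.
      if admin&.authenticate(params[:password])
        # Session fixation mitigation: drop the pre-login session entirely
        # rather than reusing its id. Note this also discards any other data
        # the session carried.
        reset_session
        session[:admin_id] = admin.id
        admin.update_last_login! # project-defined; presumably stamps the login time
        redirect_to admin_dashboard_path, notice: "Welcome back, #{admin.name}!"
      else
        flash.now[:alert] = "Invalid email or password"
        render :new, status: :unprocessable_entity
      end
    end

    # DELETE logout. Only the admin key is removed, so other data in the
    # session survives; use `reset_session` instead if the whole session
    # should be invalidated on logout.
    def destroy
      session.delete(:admin_id)
      redirect_to admin_login_path, notice: "You have been logged out"
    end

    private

    # Memoised lookup of the signed-in admin. Returns nil when the session
    # holds no id or the id no longer matches a record, so a deleted admin is
    # implicitly logged out. Exposed to views via helper_method.
    def current_admin
      @current_admin ||= AdminUser.find_by(id: session[:admin_id]) if session[:admin_id]
    end
    helper_method :current_admin
  end
end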