songtianlun
2b03661431
- Implement friendly forwarding for user login - Add correct_user method to ensure users can only edit their own profiles - Update sessions_controller to handle forwarding URL - Enhance user controller tests to verify redirection for unauthorized access These changes improve user experience by allowing users to be redirected back to their intended page after logging in. Additionally, the new correct_user method enhances security by preventing users from editing other users' profiles, ensuring proper authorization checks are in place.
26 lines
674 B
Ruby
26 lines
674 B
Ruby
class SessionsController < ApplicationController
|
|
include SessionsHelper
|
|
def new
|
|
end
|
|
|
|
def create
|
|
user = User.find_by(email: params[:session][:email].downcase)
|
|
# if user && user.authenticate(params[:session][:password])
|
|
if user&.authenticate(params[:session][:password])
|
|
forwarding_url = session[:forwarding_url]
|
|
reset_session
|
|
params[:session][:remember_me] == '1' ? remember(user) : forget(user)
|
|
log_in user
|
|
redirect_to forwarding_url || user
|
|
else
|
|
flash.now[:danger] = 'Invalid email/password combination'
|
|
render 'new'
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
log_out if logged_in?
|
|
redirect_to root_url
|
|
end
|
|
end
|