Diffstat (limited to 'lib/aggiedit_web/controllers/user_session_controller.ex')
-rw-r--r--lib/aggiedit_web/controllers/user_session_controller.ex27
1 files changed, 27 insertions, 0 deletions
diff --git a/lib/aggiedit_web/controllers/user_session_controller.ex b/lib/aggiedit_web/controllers/user_session_controller.ex
new file mode 100644
index 0000000..fc20cc1
--- /dev/null
+++ b/lib/aggiedit_web/controllers/user_session_controller.ex
@@ -0,0 +1,27 @@
+defmodule AggieditWeb.UserSessionController do
+ use AggieditWeb, :controller
+
+ alias Aggiedit.Accounts
+ alias AggieditWeb.UserAuth
+
+ def new(conn, _params) do
+ render(conn, "new.html", error_message: nil)
+ end
+
+ def create(conn, %{"user" => user_params}) do
+ %{"email" => email, "password" => password} = user_params
+
+ if user = Accounts.get_user_by_email_and_password(email, password) do
+ UserAuth.log_in_user(conn, user, user_params)
+ else
+ # In order to prevent user enumeration attacks, don't disclose whether the email is registered.
+ render(conn, "new.html", error_message: "Invalid email or password")
+ end
+ end
+
+ def delete(conn, _params) do
+ conn
+ |> put_flash(:info, "Logged out successfully.")
+ |> UserAuth.log_out_user()
+ end
+end
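Review bot: In `create`, the destructuring `%{"email" => email, "password" => password} = user_params` raises a `MatchError` when a POST carries a `user` map without both keys, so a malformed request ends in a 500 instead of the generic login failure. Matching in the head, `def create(conn, %{"user" => %{"email" => email, "password" => password} = user_params}) when is_binary(email) and is_binary(password) do`, and adding a fallback `def create(conn, _params), do: render(conn, "new.html", error_message: "Invalid email or password")` keeps every bad request on the same response path. The user-enumeration comment covers only the message text; whether response timing is also uniform depends on `Accounts.get_user_by_email_and_password/2`, which is outside this diff. Nothing in this file logs or throttles failed attempts, so that presumably has to live in a plug or in `Accounts`.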