candidate login/logout

app/controllers/application_controller.rb

@@ -1,3 +1,7 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
+
+  def current_candidate
+    @current_candidate ||= Candidate.find_by(test_hash: session[:test_id])
+  end
 end

app/controllers/candidate_controller.rb

@@ -26,13 +26,23 @@ class CandidateController < ApplicationController
   end
 
   def thankyou
+    redirect_to root_path if session[:test_id].nil?
+    reset_session
   end
 
   def saved
   end
 
   def validate
-    redirect_to :question
+    candidate = Candidate.find_by(test_hash: params['test_id'])
+
+    if candidate.nil?
+      reset_session
+      redirect_to root_path, alert: "Sorry, incorrect test id"
+    else
+      session[:test_id] = candidate.test_hash
+      redirect_to :question
+    end
   end
 
   def live_coder
@@ -41,9 +51,9 @@ class CandidateController < ApplicationController
     render layout: false
   end
 
-  # private
-  #
-  #   def question_params
-  #     params.permit(:save)
-  #   end
+  private
+
+    def question_params
+      params.permit(:save)
+    end
 end