# frozen_string_literal: true module Admin class AuthController < AdminController skip_before_action :authorize_user def login end def auth user = User.find_by(email: auth_params[:email]) if user && user.authenticate(auth_params[:password]) session[:user] = user.to_i redirect_to admin_path else redirect_to admin_login_path, flash: { error: "Sorry, incorrect email or password. Please try again." } end end def logout reset_session redirect_to admin_login_path end def reset_request end def send_reset user = User.find_by(email: request_params[:email]) redirect_to(admin_reset_request_path) and return if user.nil? user.setup_reset UserMailer.password_reset(user).deliver_later redirect_to admin_reset_request_path, success: "Reset request sent! Please check your email for instructions." end def reset user = User.find_by(reset_token: params[:reset_token]) redirect_to(admin_reset_request_path) and return if user.nil? end def reset_password user = User.find_by(reset_token: params[:reset_token]) redirect_to(admin_reset_request_path) and return if user.nil? if user.update(reset_params) redirect_to admin_login_path, success: "Password has been reset. Please log in." else redirect_to admin_reset_request_path, flash: { error: "Password was not updated." } end end private def request_params params.require(:auth).permit(:email) end def reset_params params.require(:auth).permit(:password, :password_confirmation) end end end