module Admin class AuthController < AdminController skip_before_action :authorize_admin def login end def auth admin = User.find_by(email: auth_params[:email], role: 'admin') if admin && admin.authenticate(auth_params[:password]) session[:user] = admin.to_i redirect_to admin_path else redirect_to admin_login_path, flash: { error: "Sorry, incorrect email or password. Please try again." } end end def logout reset_session redirect_to admin_login_path end def reset_request end def send_reset user = User.find_by(email: request_params[:email]) redirect_to(admin_reset_request_path) and return if user.nil? user.setup_reset UserMailer.password_reset(user).deliver_now redirect_to admin_reset_request_path, success: "Reset request sent! Please check your email for instructions." end def reset user = User.find_by(reset_token: params[:reset_token]) redirect_to(admin_reset_request_path) and return if user.nil? end def reset_password user = User.find_by(reset_token: params[:reset_token]) redirect_to(admin_reset_request_path) and return if user.nil? if user.update(reset_params) redirect_to admin_login_path, success: "Password has been reset. Please log in." else redirect_to(admin_reset_request_path) end end private def request_params params.require(:auth).permit(:email) end def reset_params params.require(:auth).permit(:password, :password_confirmation) end end end