class SessionsController < ApplicationController def new end def create

1. class SessionsController < ApplicationController
2.  
3. def new
4. end
5.  
6. def create
7. reset_session # prevents session fixation
8. @user = User.find(params[:email])
9. if @user.try(:authenticate, params[:password])
10. session[:user_id] = @user.id
11. redirect_to root_path
12. else
13. render :new, status: :not_found
14. end
15. end
16.  
17. def destroy
18. reset_session
19. redirect_to root_path
20. end
21. end
22.  
23. require 'rails_helper'
24. RSpec.feature "User Authentiation" do
25.  
26. context "signing out" do
27. let(:user) { FactoryGirl.create(:user) }
28. before do
29. visit new_session_path
30. fill_in :email, with: user.email
31. fill_in :password: with: user.password
32. click_button 'Log in'
33. click_button 'Log out'
34. end
35.  
36. scenario 'user should not be signed in' do
37. expect(page).to have_link 'Sign in'
38. expect(page).to_not have_link 'Sign Out'
39. end
40.  
41. scenario 'user should not be able to access the member area' do
42. visit '/members-only'
43. expect(current_path).to_not eq '/members-only'
44. expect(page).to have_text 'Please sign in'
45. end
46. end
47.  
48. # ...
49. end