Initial commit

lib/something_erlang_web/controllers/user_session_controller.ex

@@ -0,0 +1,27 @@
+defmodule SomethingErlangWeb.UserSessionController do
+  use SomethingErlangWeb, :controller
+
+  alias SomethingErlang.Accounts
+  alias SomethingErlangWeb.UserAuth
+
+  def new(conn, _params) do
+    render(conn, "new.html", error_message: nil)
+  end
+
+  def create(conn, %{"user" => user_params}) do
+    %{"email" => email, "password" => password} = user_params
+
+    if user = Accounts.get_user_by_email_and_password(email, password) do
+      UserAuth.log_in_user(conn, user, user_params)
+    else
+      # In order to prevent user enumeration attacks, don't disclose whether the email is registered.
+      render(conn, "new.html", error_message: "Invalid email or password")
+    end
+  end
+
+  def delete(conn, _params) do
+    conn
+    |> put_flash(:info, "Logged out successfully.")
+    |> UserAuth.log_out_user()
+  end
+end