sessions_controller.rb in exposition-0.0.5.4.pre.alpha

- old
+ new

@@ -4,11 +4,12 @@
 
     def new
     end
 
     def create
-      user = User.find_by(email: params[:session][:email].downcase)
-      if user && user.authenticate(params[:session][:password])
+      permitted = params.require(:session).permit([:email, :password])
+      user = User.find_by(email: permitted[:email].downcase)
+      if user && user.authenticate(permitted[:password])
         # Log the user in and redirect to the user's show page.
 
         user.set_encrypted_remember_token!
         session[:user_id] = user.id
         cookies.permanent.signed[:user_id] = user.id