class SessionsController < ApplicationController
  skip_before_action :require_login, only: [:new, :create], raise: false
  skip_before_action :redirect_accountless, only: [:new, :create, :destroy]
  skip_after_action :verify_authorized, only: [:new, :create, :destroy], raise: false

  def new
  end

  def create
    user = authenticate_session(session_params)

    if sign_in(user)
      remember_me(user) if remember_me?
      TrackAnalyticsJob.perform_later(user, user.primary_account, :track_user_sign_in, user_agent: request.user_agent, user_ip: request.remote_ip)
      redirect_to signed_in_root_path
    else
      redirect_to new_session_path, alert: t(".alert")
    end
  end

  def destroy
    forget_me(current_user)
    sign_out
    redirect_to new_session_path
  end

  private

  def session_params
    params.require(:session).permit(:email, :password)
  end
end