class SessionsController < ApplicationController
  skip_before_action :require_login, only: %i[new create]

  def new
  end

  def create
    user = User.find_by_login(params[:login])

    if user&.authenticate(params[:password])
      session[:user_id] = user.id
      session[:company_id] = user.company_id
      redirect_to root_path, notice: t('sessions.login_successful')
    else
      flash.now[:alert] = t('sessions.invalid_credentials')
      render :new, status: :unprocessable_entity
    end
  end

  def destroy
    session[:user_id] = nil
    session[:company_id] = nil
    redirect_to login_path, notice: t('sessions.logout_successful')
  end
end