The post '/login' route doesn't require a user.authenticate.
It should have 'user.authenticate(params[:password])' in there since that seems to be an important part of the lecture preceding this, password security. Currently, that route's spec only checks to see if the inputs aren't empty but doesn't ask to see if the password has been authenticated.
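
The gap described above, as an added example that is not the lab's code or the reporter's: a login handler that only checks for non-empty inputs next to one that calls `user.authenticate(params[:password])`. The `User` class (a stdlib PBKDF2 stand-in for `has_secure_password`), the `USERS` data, the handler names and the `/account` and `/failure` targets are all assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for a model using has_secure_password.
# PBKDF2 from the standard library replaces bcrypt so this runs without gems.
class User
  attr_reader :username

  def initialize(username, password)
    @username = username
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password)
  end

  # Same contract as has_secure_password: self on a match, false otherwise.
  def authenticate(password)
    candidate = derive(password)
    # Both digests are 32 bytes; OR-ing the XORs avoids an early-exit compare.
    diff = candidate.bytes.zip(@digest.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }
    diff.zero? ? self : false
  end

  private

  def derive(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, @salt, 100_000, 32, OpenSSL::Digest.new('SHA256'))
  end
end

USERS = { 'alice' => User.new('alice', 'correct horse') } # constructed sample data

# Models the behaviour the issue describes: only non-empty inputs are required.
def login_without_authenticate(params, session)
  return '/failure' if params[:username].to_s.empty? || params[:password].to_s.empty?
  user = USERS[params[:username]]
  return '/failure' unless user
  session[:user_id] = user.username # set for any non-empty password
  '/account'
end

# With the requested check: the session is set only when the password matches.
def login_with_authenticate(params, session)
  user = USERS[params[:username]]
  return '/failure' unless user && user.authenticate(params[:password])
  session[:user_id] = user.username
  '/account'
end
```

A spec that would catch the gap submits a valid username with a wrong password and expects no session to be created.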