class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.create(params.require(:user).permit(:email, :password))
    session[:user_id] = @user.id
    redirect_to '/welcome'
  end

  def password_recovery_request
    @user = User.where(email: params['email']).first
    UserMailer.with(user: @user).password_recovery.deliver_now
  end

  def password_recovery_request_form
  end

  def recover_password_form
    @recovery_code = params[:recovery_code]
    @user_id = params[:id]
  end

  def recover_password
    user = User.find(params[:user_id])
    if user.authenticate_recovery_password(params[:recovery_code])
      user.password = params[:password]
      user.password_confirmation = params[:repeated_password]
      user.recovery_password_digest = nil
      if user.save
        redirect_to '/welcome'
      end
    end
  end
end