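# Account sign-up and e-mail based password recovery.
#
# Every action finishes by redirecting to '/welcome' with a flash notice,
# except a failed sign-up, which re-renders the sign-up form.
class UsersController < ApplicationController
  # Renders the sign-up form for a blank, unsaved User.
  def new
    @user = User.new
  end

  # Creates an account from the permitted :email and :password fields and
  # signs the new user in. Only those two attributes are mass-assigned.
  def create
    @user = User.new(params.require(:user).permit(:email, :password))

    if @user.save
      # Start from a fresh session before storing the user id, so a session
      # identifier that existed before sign-up is not carried into the
      # authenticated state (session fixation).
      reset_session
      session[:user_id] = @user.id
      redirect_to '/welcome', notice: 'Account has been created'
    else
      # A record that failed validation has no id; do not sign it in or
      # report success. Re-render the form with the errors on @user.
      render :new, status: 422
    end
  end

  # Sends the password recovery e-mail for the submitted address.
  #
  # The response is identical whether or not an account exists, so this
  # endpoint does not confirm which addresses are registered.
  def password_recovery_request
    # to_s: a nested or array-valued 'email' parameter must not turn into a
    # multi-value lookup.
    email = params['email'].to_s
    @user = User.find_by(email: email)

    # Only mail when there is an account; a nil user must not reach the mailer.
    # NOTE(review): deliver_now runs inside the request, so response time may
    # still differ between known and unknown addresses; no throttling is
    # visible in this controller either - confirm both are handled elsewhere.
    UserMailer.with(user: @user).password_recovery.deliver_now if @user

    redirect_to '/welcome', notice: "Recovery email sent to #{email}"
  end

  # Renders the form where the user asks for a recovery e-mail.
  def password_recovery_request_form
  end

  # Renders the new-password form, exposing the recovery token and the user
  # id from the request parameters to the view.
  #
  # NOTE(review): if the e-mailed link carries the token in the query string
  # it can end up in server logs, browser history and Referer headers -
  # confirm log filtering and referrer policy cover it.
  def recover_password_form
    @recovery_password = params[:recovery_password]
    @user_id = params[:id]
  end

  # Sets a new password when the submitted recovery token matches the one
  # stored for the user, then clears the token so it cannot be replayed.
  def recover_password
    # find_by instead of find: an unknown id gets the same answer as a wrong
    # token rather than a distinguishable "record not found" response.
    user = User.find_by(id: params[:user_id])
    token = params[:recovery_password].to_s

    # A user without a stored digest has no pending recovery request.
    # NOTE(review): the notice below mentions expiry, but no time limit is
    # checked here - presumably enforced elsewhere; verify.
    token_ok = user&.recovery_password_digest &&
               user.authenticate_recovery_password(token)
    return redirect_to('/welcome', notice: 'Recovery link expired or unvalid') unless token_ok

    # Refuse an empty new password up front. Presumably the model uses
    # has_secure_password, which ignores an empty string on assignment; the
    # save would then succeed and consume the token with the old password
    # still in place - confirm against the model.
    if params[:password].blank?
      return redirect_to('/welcome', notice: 'Password can\'t be blank')
    end

    user.password = params[:password]
    user.password_confirmation = params[:password_confirmation]

    if user.save
      # One-time use: drop the recovery secret once the password has changed.
      # NOTE(review): the result of this update is not checked; if it fails
      # the token stays usable.
      user.update(recovery_password: nil)
      redirect_to '/welcome', notice: 'Password changed'
    else
      redirect_to '/welcome', notice: 'Passwords don\'t match'
    end
  end
end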