use only strong params and private methods to use url params

Stricks1 · Stricks1 · commit fc73e43e8f6f · 2020-07-08T12:34:07.000-03:00
diff --git a/app/controllers/followings_controller.rb b/app/controllers/followings_controller.rb
@@ -6,7 +6,6 @@ class FollowingsController < ApplicationController
   # POST /followings/user.json
   def create
     @following = Following.new
-    @user = User.find(params[:id])
     if @following.build_saving(@user, current_user)
       flash[:notice] = "Success following #{@user.username}"
     else
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -1,11 +1,12 @@
 class SessionsController < ApplicationController
+  before_action :set_user, only: %i[create]
+
   def new; end
 
   def create
-    user = User.find_by_username(params[:username])
-    if user
-      session[:user_id] = user.id
-      session[:username] = user.username
+    if @user
+      session[:user_id] = @user.id
+      session[:username] = @user.username
       redirect_to root_url, notice: 'Logged in!'
     else
       flash.now[:alert] = 'Username invalid'
@@ -18,4 +19,13 @@ def destroy
     session[:username] = nil
     redirect_to root_url, notice: 'Logged out!'
   end
+
+  private
+
+  # Use callbacks to share common setup or constraints between actions.
+  def set_user
+    @user = User.find_by_username(params[:username])
+  rescue ActiveRecord::RecordNotFound
+    @user = nil
+  end
 end
