display error when the credentials are not known.

2 files changed, 20 insertions, 3 deletions

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index d16e5389..b4f64644 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,9 +4,14 @@ class SessionsController < ApplicationController
   end
 
   def create
-    user_session = Session.login(session_params[:username], session_params[:password])
-    cookies.signed[:cookie_monster] = user_session.id
-    render nothing: true
+    @session = Session.login(session_params[:username], session_params[:password])
+    if @session
+      cookies.signed[:cookie_monster] = @session.id
+      render nothing: true
+    else
+      flash[:error] = "invalid credentials"
+      render :new
+    end
   end
 
   private
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 226dc27c..eaaaf3fe 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -23,5 +23,17 @@ describe SessionsController do
         expect(cookies.signed[:cookie_monster]).to eql(user_session.id)
       end
     end
+
+    context "when the username is not known" do
+      before :each do
+        Session.stub(:login).and_return(nil)
+      end
+
+      it "returns an error" do
+        post :create, session: { username: 'x', password: 'y' }
+        expect(response).to render_template(:new)
+        expect(flash[:error]).to_not be_empty
+      end
+    end
   end
 end