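# Lets the signed-in user change their own password.
#
# Both actions operate on Current.user only; no user id is read from params.
class PasswordsController < ApplicationController
  # require_authentication is defined outside this file (presumably in
  # ApplicationController or a concern it includes).
  before_action :require_authentication

  # NOTE(review): nothing visible in this controller throttles repeated wrong
  # current-password submissions. If the app runs Rails 7.2+, consider
  # `rate_limit` for :update; otherwise confirm throttling happens upstream.

  # Renders the change-password form for the signed-in user.
  def edit
    @user = Current.user
  end

  # Changes the signed-in user's password.
  #
  # Reads params[:current_password], params[:password] and
  # params[:password_confirmation]. The current password must authenticate
  # before anything is written. On success every other session of the user is
  # destroyed and the browser is redirected to root_path; on any failure the
  # form is re-rendered with a flash alert and status 422.
  def update
    @user = Current.user
    new_password = params[:password]

    if !@user.authenticate(params[:current_password])
      reject_change "Current password is incorrect."
    elsif !new_password.is_a?(String) || new_password.empty?
      # params.permit drops a missing or non-scalar :password, so update would
      # receive no new password; an empty string is presumably ignored by the
      # model's password setter (has_secure_password behaviour; confirm against
      # User). Either way the request must not be reported as a successful
      # change, and it must not sign out the other sessions.
      reject_change "New password can't be blank."
    elsif @user.update(params.permit(:password, :password_confirmation))
      # Sign out every other session of this user; only the session making
      # this request survives the password change.
      @user.sessions.where.not(id: Current.session.id).destroy_all
      redirect_to root_path, notice: "Password updated successfully."
    else
      # NOTE(review): this alert is shown for every validation failure, not
      # only a confirmation mismatch; consider surfacing @user.errors instead.
      reject_change "New password confirmation didn't match."
    end
  end

  private

  # Re-renders the form with +message+ as the flash alert and a 422 status.
  def reject_change(message)
    flash.now[:alert] = message
    render :edit, status: :unprocessable_entity
  end
end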