class SessionsController < ApplicationController
  skip_before_action :require_authorization

  def new
    redirect_to sections_path if authorized?
  end

  def create
    if authorized?
      redirect_to sections_path
      return
    end

    if Rails.configuration.entrance_exam_token != params[:token]
      redirect_to new_sessions_path
      return
    end

    cookies.signed[:_entrance_exam_authorized] = {
      value: true,
      expires: 1.year
    }
    redirect_to sections_path
  end
end