How to require authentication for all pages with Devise?

Question

I have started to use Devise gem and now trying to implement the code, so my web app will require to login for each and every page on my app. I have added the following code to routes.rb according to this instruction:

authenticated :user do
  root to: 'home#index', as: :authenticated_root
end
root to: redirect('/users/sign_in')

but it doesn't work. When I go to any page - it just open that page, and doesn't forward me to the sign_in page. Could anyone please clarify what I missed? Any help would be appreciated.

Answer 1

You don't need to combine authentication in the routes.rb and before_action, only in the routes.rb should be enough.

But if you want to redirect to the login, you should use authenticate instead of authenticated.

With "authenticate", it is possible to make resources and routes that will ask for authentication before they can be accessed

Replacing "authenticate" with "authenticated" in the above code causes the resource to simply be unavailable if the user is not authenticated

https://github.com/plataformatec/devise/wiki/How-To:-Define-resource-actions-that-require-authentication-using-routes.rb

It should look like this:

authenticate :user do
  root to: 'home#index', as: :authenticated_root
end
root to: redirect('/users/sign_in')

Answer 2

That's not enough. You still need to tell your controllers to require authentication for any action. In your case, the quickest way would be to add before_action :authenticate_user! to ApplicationController.

Answer 3

Add this to your app controller

class ApplicationController < ActionController::Base
  ...
  before_action :authenticate_user!
end