I'd like a simple method in my application controller that requires all users to log in before continuing to any part of the site. I'm using Devise for authentication.
I tried:
class ApplicationController < ActionController::Base
...
unless user_signed_in?
redirect_to login_path
end
...
end
This successfully redirects everyone, but the problem is it also prevents the post request necessary to create a new user session.
So my question is, how would you go about blocking all requests except for the login view and the post request for logging in?
Using Devise this is easy. You just need to add before_filter :authenticate_user! to your ApplicationController.
This is all spelled out in the Devise wiki - https://github.com/plataformatec/devise
Note that in Rails 4.2+, before_action :authenticate_user! is preferred.