Authenticate User before action

Previously we would fall back on authorization to determine if a user
should be able to access a certain endpoint. We should be
authenticating the user first prior to checking if the specific user is
authorized to access a certain endpoint

Co-Authored-By: Elia Schito <elia@schito.me>

Author: cpfergus1

lib/decorators/backend/controllers/spree/admin/base_controller_decorator.rb

@@ -3,6 +3,12 @@
 module Spree
   module Admin
     module BaseControllerDecorator
+      def self.prepended(base)
+        base.class_eval do
+          before_action :authenticate_spree_user!
+        end
+      end
+
       protected
 
       def model_class

lib/decorators/frontend/controllers/spree/users_controller_decorator.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Spree
+  module UsersControllerDecorator
+    def self.prepended(base)
+      base.class_eval do
+        before_action :authenticate_spree_user!, except: [:new, :create]
+      end
+    end
+
+    ::Spree::UsersController.prepend self
+  end
+end