Rails - devise and sidekiq routes

Question

I am running a Rails 5.0.0 app with Ruby 2.3.1

Sidekiq is being used for background jobs and devise for authentication.

Sidekiq monitoring and devise are mounted in routes as follows:

devise_for :users, skip: [:sessions]
    as :user do
        get    'login' => 'devise/sessions#new',      :as => :new_user_session
        post   'login' => 'devise/sessions#create',   :as => :user_session
        delete 'logout' => 'devise/sessions#destroy', :as => :destroy_user_session
    end

require 'sidekiq/web'
    require 'sidekiq/cron/web'
    #Sidekiq::Web.set :session_secret, Rails.application.secrets[:secret_key_base]
    authenticate :user do
        mount Sidekiq::Web => '/sidekiq'
    end

But, accessing the sidekiq status page logs out the user.

The same code used to work fine with Rails 4.2.5

Answer 1

Try wrapping your mounting of Sidekiq under devise_scope, in the same way you're using its alias "as" in your devise_for route:

# Only allow authenticated users to get access
# to the Sidekiq web interface
devise_scope :user do
  authenticated :user do
    mount Sidekiq::Web => '/sidekiq'
  end
end

Answer 2

Here's a snippet for that allows for custom authentication on the Sidekiq routes.

authenticate :user, ->(user) { user.admin? || Other auth related checks... } do
  mount Sidekiq::Web => "/sidekiq"
end