statamic · jasonvarga · Apr 23, 2026 · Apr 23, 2026 · Apr 23, 2026 · Apr 23, 2026
diff --git a/src/Preferences/Preferences.php b/src/Preferences/Preferences.php
@@ -45,7 +45,7 @@ public function all()
     {
         $this->resetState();
 
-        if (auth()->check()) {
+        if (User::current()) {
             $this
                 ->mergeDottedUserPreferences()
                 ->mergeDottedRolePreferences();

diff --git a/tests/CP/AuthRedirectTest.php b/tests/CP/AuthRedirectTest.php
@@ -7,6 +7,7 @@
 use Statamic\Exceptions\AuthorizationException;
 use Statamic\Facades\User;
 use Statamic\Statamic;
+use Tests\Auth\Eloquent\User as EloquentUser;
 use Tests\FakesRoles;
 use Tests\PreventSavingStacheItemsToDisk;
 use Tests\TestCase;
@@ -94,4 +95,15 @@ public function it_redirects_to_unauthorized_view_if_there_would_be_a_redirect_l
             ->assertRedirect(cp_route('unauthorized'))
             ->assertSessionHas(['error' => 'Unauthorized.']);
     }
+
+    #[Test]
+    public function it_redirects_to_login_when_authenticated_user_is_not_a_statamic_user()
+    {
+        $nonStatamicUser = EloquentUser::make();
+
+        $this
+            ->actingAs($nonStatamicUser)
+            ->get('/cp')
+            ->assertRedirect(cp_route('login'));
+    }
 }