2 files changed, 10 insertions, 0 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index cecfa318c..beba6b235 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -448,6 +448,9 @@ sub check_csrf_token : Private {
         unless $time
             && $time > time() - 3600
             && $token eq $gen_token;
+
+    # Also check recaptcha if needed
+    $c->cobrand->call_hook('check_recaptcha');
 }
 
 sub no_csrf_token : Private {
diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm
index c5d20a5da..8ffba3dcf 100644
--- a/perllib/FixMyStreet/App/Controller/Report/Update.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm
@@ -484,6 +484,13 @@ sub save_update : Private {
         $update->confirm();
     } elsif ($c->stash->{contributing_as_anonymous_user}) {
         $update->set_extra_metadata( contributed_as => 'anonymous_user' );
+        if ( $c->user_exists && $c->user->from_body ) {
+            # If a staff user has clicked the 'report anonymously' button then
+            # there would be no record of who that staff member was as we've
+            # used the cobrand's anonymous_account for the report. In this case
+            # record the staff user ID in the report metadata.
+            $update->set_extra_metadata( contributed_by => $c->user->id );
+        }
         $update->confirm();
     } elsif ( !$update->user->in_storage ) {
         # User does not exist.