Authentication should only apply to admin interface when *both* email *and* password are unset

author: Seb Bacon <seb.bacon@gmail.com> 2011-07-26 17:19:14 +0100
committer: Seb Bacon <seb.bacon@gmail.com> 2011-07-27 08:50:27 +0100
commit: 67829b434b56b60fa281b8a147003d86e28c074a (patch)
tree: 32c1f929a1c523e5bd844048c20e6a0fadf65f0e /app/controllers/admin_controller.rb
parent: 51dbaf3e40f4da6219633e50cc59aefb04366000 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 8598091d9..375c19529 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -48,7 +48,7 @@ class AdminController < ApplicationController
 	def authenticate
             username = MySociety::Config.get('ADMIN_USERNAME', '')
             password = MySociety::Config.get('ADMIN_PASSWORD', '')
-            if !(username && password).empty?
+            if !username.empty? && !password.empty?
                 authenticate_or_request_with_http_basic do |user_name, password|
                     user_name == username && password == password
                 end
author	Seb Bacon <seb.bacon@gmail.com>	2011-07-26 17:19:14 +0100
committer	Seb Bacon <seb.bacon@gmail.com>	2011-07-27 08:50:27 +0100
commit	67829b434b56b60fa281b8a147003d86e28c074a (patch)
tree	32c1f929a1c523e5bd844048c20e6a0fadf65f0e /app/controllers/admin_controller.rb
parent	51dbaf3e40f4da6219633e50cc59aefb04366000 (diff)