Respect admin password and username. Fixes #245.

author: Seb Bacon <seb.bacon@gmail.com> 2011-09-30 12:14:20 +0100
committer: Seb Bacon <seb.bacon@gmail.com> 2011-09-30 12:14:20 +0100
commit: 9179a0b0ba7cdd84494ed614a04d95c7a976ba88 (patch)
tree: 451c29952afee34d44e0ecf5c5a1be0833a92bb7 /app/controllers/admin_controller.rb
parent: 33001314408389aa94b2e75302a856e380a5ec5d (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 655670b5a..0bfbcd3d1 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -45,13 +45,17 @@ class AdminController < ApplicationController
         end
     end
 	private
+
 	def authenticate
-            username = MySociety::Config.get('ADMIN_USERNAME', '')
-            password = MySociety::Config.get('ADMIN_PASSWORD', '')
-            if !username.empty? && !password.empty?
+            config_username = MySociety::Config.get('ADMIN_USERNAME', '')
+            config_password = MySociety::Config.get('ADMIN_PASSWORD', '')
+            if !config_username.empty? && !config_password.empty?
                 authenticate_or_request_with_http_basic do |user_name, password|
-                    user_name == username && password == password
-                    session[:using_admin] = 1
+                    if user_name == config_username && password == config_password
+                        session[:using_admin] = 1
+                    else
+                        request_http_basic_authentication
+                    end
                 end
             else
                 session[:using_admin] = 1
author	Seb Bacon <seb.bacon@gmail.com>	2011-09-30 12:14:20 +0100
committer	Seb Bacon <seb.bacon@gmail.com>	2011-09-30 12:14:20 +0100
commit	9179a0b0ba7cdd84494ed614a04d95c7a976ba88 (patch)
tree	451c29952afee34d44e0ecf5c5a1be0833a92bb7 /app/controllers/admin_controller.rb
parent	33001314408389aa94b2e75302a856e380a5ec5d (diff)