From 000b14b71c9dfb7b545240d8ca7ac19cae424a99 Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Tue, 26 Jul 2011 17:19:14 +0100 Subject: Authentication should only apply to admin interface when *both* email *and* password are unset --- app/controllers/admin_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/admin_controller.rb') diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 8598091d9..375c19529 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -48,7 +48,7 @@ class AdminController < ApplicationController def authenticate username = MySociety::Config.get('ADMIN_USERNAME', '') password = MySociety::Config.get('ADMIN_PASSWORD', '') - if !(username && password).empty? + if !username.empty? && !password.empty? authenticate_or_request_with_http_basic do |user_name, password| user_name == username && password == password end -- cgit v1.2.3