From 000b14b71c9dfb7b545240d8ca7ac19cae424a99 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Tue, 26 Jul 2011 17:19:14 +0100
Subject: Authentication should only apply to admin interface when *both* email
 *and* password are unset

---
 app/controllers/admin_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers/admin_controller.rb')

diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 8598091d9..375c19529 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -48,7 +48,7 @@ class AdminController < ApplicationController
 	def authenticate
             username = MySociety::Config.get('ADMIN_USERNAME', '')
             password = MySociety::Config.get('ADMIN_PASSWORD', '')
-            if !(username && password).empty?
+            if !username.empty? && !password.empty?
                 authenticate_or_request_with_http_basic do |user_name, password|
                     user_name == username && password == password
                 end
-- 
cgit v1.2.3