From 9179a0b0ba7cdd84494ed614a04d95c7a976ba88 Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Fri, 30 Sep 2011 12:14:20 +0100
Subject: Respect admin password and username. Fixes #245.
---
 app/controllers/admin_controller.rb | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'app/controllers/admin_controller.rb')
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 655670b5a..0bfbcd3d1 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -45,13 +45,17 @@ class AdminController < ApplicationController
 end
 end
 private
+
 def authenticate
- username = MySociety::Config.get('ADMIN_USERNAME', '')
- password = MySociety::Config.get('ADMIN_PASSWORD', '')
- if !username.empty? && !password.empty?
+ config_username = MySociety::Config.get('ADMIN_USERNAME', '')
+ config_password = MySociety::Config.get('ADMIN_PASSWORD', '')
+ if !config_username.empty? && !config_password.empty?
 authenticate_or_request_with_http_basic do |user_name, password|
- user_name == username && password == password
- session[:using_admin] = 1
+ if user_name == config_username && password == config_password
+ session[:using_admin] = 1
+ else
+ request_http_basic_authentication
+ end
 end
 else
 session[:using_admin] = 1
--
cgit v1.2.3
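Review bot: In the new `authenticate_or_request_with_http_basic` block, the `else` branch calls `request_http_basic_authentication` itself, although the helper already sends the 401 challenge whenever the block returns a false value; on failure the block's result is then whatever that render call returns, so rejection appears to depend on the filter chain halting after a render rather than on the credential check. Returning the comparison is simpler and fails closed: `ok = user_name == config_username && password == config_password`, then `session[:using_admin] = 1 if ok`, with `ok` as the block's last expression. The `==` comparison of the password is also not constant-time; where the Rails version in use provides `ActiveSupport::SecurityUtils.secure_compare`, prefer it. Separately, the unchanged outer `else` still sets `session[:using_admin] = 1` when either config value is empty, which grants admin without credentials unless something outside this hunk (for example web-server authentication) protects the route, so a comment stating that assumption would help. The body of `authenticate` continues past the end of the hunk.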