From 9179a0b0ba7cdd84494ed614a04d95c7a976ba88 Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Fri, 30 Sep 2011 12:14:20 +0100
Subject: Respect admin password and username. Fixes #245.
---
app/controllers/admin_controller.rb | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'app/controllers/admin_controller.rb')
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 655670b5a..0bfbcd3d1 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -45,13 +45,17 @@ class AdminController < ApplicationController
 end
 end
 private
+
 def authenticate
- username = MySociety::Config.get('ADMIN_USERNAME', '')
- password = MySociety::Config.get('ADMIN_PASSWORD', '')
- if !username.empty? && !password.empty?
+ config_username = MySociety::Config.get('ADMIN_USERNAME', '')
+ config_password = MySociety::Config.get('ADMIN_PASSWORD', '')
+ if !config_username.empty? && !config_password.empty?
 authenticate_or_request_with_http_basic do |user_name, password|
- user_name == username && password == password
- session[:using_admin] = 1
+ if user_name == config_username && password == config_password
+ session[:using_admin] = 1
+ else
+ request_http_basic_authentication
+ end
 end
 else
 session[:using_admin] = 1
-- cgit v1.2.3
From 5128b4348862037139df45da15d4eee314bc710a Mon Sep 17 00:00:00 2001
From: seb
Date: Mon, 21 Nov 2011 12:31:44 +0000
Subject: Username from users logged in as ADMIN_USERNAME should appear in administrative interface event logs. Fixes #287.
---
app/controllers/admin_controller.rb | 1 +
1 file changed, 1 insertion(+)
(limited to 'app/controllers/admin_controller.rb')
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 0bfbcd3d1..adb506b91 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
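Review bot: The failure branch calls `request_http_basic_authentication` from inside the `authenticate_or_request_with_http_basic` block, although that helper already issues the challenge itself whenever the block returns a falsy value, so the outcome now depends on what the inner call happens to return. Returning the comparison keeps the decision in one place: `ok = user_name == config_username && password == config_password`, `session[:using_admin] = 1 if ok`, `ok`. Both comparisons use plain `==`, which is not constant-time; a constant-time string comparison (for example `ActiveSupport::SecurityUtils.secure_compare`, where the Rails version in use provides it) is the usual choice for credentials. The trailing `else` branch still sets `session[:using_admin] = 1` with no check at all when either config value is empty, so it deserves a comment stating that the admin routes must then be protected by something outside this controller. The body of `authenticate` continues past the end of the hunk.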
@@ -53,6 +53,7 @@ class AdminController < ApplicationController
 authenticate_or_request_with_http_basic do |user_name, password|
 if user_name == config_username && password == config_password
 session[:using_admin] = 1
+ request.env['REMOTE_USER'] = user_name
 else
 request_http_basic_authentication
 end
-- cgit v1.2.3
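Review bot: The added `request.env['REMOTE_USER'] = user_name` line has no comment saying who reads the value; going by the commit subject it feeds the admin event log, so a comment such as `# the admin event log attributes actions to REMOTE_USER` would make the dependency explicit. The assignment happens only on the credential-checked path, so on the path where no admin credentials are configured (outside this hunk) log attribution presumably still relies on whatever the front-end server placed in `REMOTE_USER`; it is worth confirming that this value is always set by the server and never left empty there. The enclosing `authenticate` method starts and ends outside the hunk.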