controller/init.rb in ts-admin-0.2.2 vs controller/init.rb in ts-admin-0.2.3

@@ -28,14 +28,21 @@
 
   def auth_login(username, password)
     return unless username and password
     return if username.empty? or password.empty?
 
-    return unless APP_CONFIG['auth']['username'].downcase == username.downcase
-    return unless APP_CONFIG['auth']['password'] == Digest::SHA1.hexdigest(password)
+    authenticated = false
+    auth = APP_CONFIG['auth'].is_a?(Array) ? APP_CONFIG['auth'] : [APP_CONFIG['auth']]
+    auth.each do |a|
+      next unless a['username'].downcase == username.downcase
+      next unless a['password'] == Digest::SHA1.hexdigest(password)
+      authenticated = true
+    end
 
+    return unless authenticated
+
     session[:logged_in] = true
-    session[:username] = APP_CONFIG['auth']['username']
+    session[:username] = username.downcase
   end
 
   def login_required
     super
     @username = session[:username]