Render AlaveteliConfiguration on admin debug page
Makes it easier for less technical users to look up specific
configuration values – or indeed, save technical users opening an ssh
session.

Fixes #1636
garethrees committed Jun 14, 2024
1 parent 9a446ec commit 0338c9b
Showing 8 changed files with 58 additions and 5 deletions.
1 change: 1 addition & 0 deletions app/controllers/admin/debug_controller.rb
Expand Up @@ -7,5 +7,6 @@ def index
repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'`
@github_origin = "https://github.com/#{repo}/tree/"
@request_env = request.env
@alaveteli_configuration = AlaveteliConfiguration.to_sanitized_hash
end
end
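Review bot: The new `@alaveteli_configuration` assignment in `index` is not covered by any controller or request spec in this commit; the only test added is the unit spec for `to_sanitized_hash`. Add a spec that requests the admin debug page and asserts the body contains `[FILTERED]` and does not contain the configured value of a sensitive key, so a later change that reads AlaveteliConfiguration directly in the view is caught.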
21 changes: 21 additions & 0 deletions app/views/admin/debug/index.html.erb
Expand Up @@ -45,6 +45,18 @@

<h2>Configuration</h2>

<div class="help-block">
<p>
See the <a href="https://alaveteli.org/docs/customising/config/">
documentation</a> for more information about configuring Alaveteli.
</p>

<p>
Sensitive values are replaced with <tt>[FILTERED]</tt>. Use the
<tt>config/general.yml</tt> configuration file to view these.
</p>
</div>

<table class="table table-condensed table-debug">
<tr>
<td>Rails env:</td>
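Review bot: The help text added under `<h2>Configuration</h2>` promises that "Sensitive values are replaced with [FILTERED]", but the replacement is decided only by whether the key name matches `AlaveteliConfiguration.sensitive_key_patterns`. Reword it to say that values whose key matches the sensitive pattern are replaced, so an admin does not assume an unfiltered value is safe to share. Separately, `<tt>` is obsolete in HTML5; `<code>` is the usual replacement.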
Expand All @@ -56,6 +68,15 @@
</tr>
</table>

<table class="table table-condensed table-debug">
<% @alaveteli_configuration.each do |k,v| %>
<tr>
<td><%= k %></td>
<td><%= v %></td>
</tr>
<% end %>
</table>

<h2>Environment variables</h2>

<table class="table table-condensed table-debug">
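Review bot: In the new table, `<%= v %>` renders `nil` and an empty string identically (an empty cell), so a reader cannot tell an unset option from a blank one. Consider `<%= v.inspect %>`, which also makes arrays, booleans and strings distinguishable. The new table also follows the "Rails env" table with no sub-heading or header row; a short caption would show where the AlaveteliConfiguration values start.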
2 changes: 1 addition & 1 deletion app/views/admin_general/_admin_navbar.html.erb
Expand Up @@ -18,7 +18,7 @@
<li><%= link_to 'Summary', admin_general_index_path %></li>
<li><%= link_to 'Timeline', admin_timeline_path %></li>
<li><%= link_to 'Stats', admin_stats_path %></li>
<li><%= link_to 'Debug', admin_debug_path %></li>
<li><%= link_to 'Debug', admin_debug_index_path %></li>
</ul>
</li>
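Review bot: The 'Debug' link now uses `admin_debug_index_path`, which means `admin_debug_path` no longer exists after the routes change in this commit. This is the only caller updated here, so search the rest of the application, specs and any themes for `admin_debug_path` before merging; a leftover reference will raise at render time rather than at boot.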

7 changes: 7 additions & 0 deletions config/general.yml-example
Expand Up @@ -12,6 +12,13 @@
# Default values for these settings can be found in
# RAILS_ROOT/lib/configuration.rb
#
#
# WARNING: AlaveteliConfiguration is rendered to admin users in
# Admin::DebugController.
#
# Ensure any sensitive values are matched by
# AlaveteliConfiguration.sensitive_key_patterns
#
# ==============================================================================

# Site name appears in various places throughout the site
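Review bot: The WARNING block points to `AlaveteliConfiguration.sensitive_key_patterns` without saying what it currently matches, so someone editing `general.yml` has to open `lib/configuration.rb` to learn which names are filtered. State the substrings here (SECRET, PASSWORD, LICENSE_KEY) and say that a key not containing one of them is shown in full on the admin debug page. The two consecutive bare `#` lines before the warning can be collapsed to one.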
5 changes: 1 addition & 4 deletions config/routes.rb
Expand Up @@ -528,10 +528,7 @@ def matches?(request)

#### Admin::Debug controller
namespace :admin do
# FIXME: For some reason the resources call is generating the route as
# admin_debug_index_path rather than the standard admin_debug_path.
# resources :debug, only: [:index]
get 'debug', to: 'debug#index', as: :debug
resources :debug, only: :index
end
####
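Review bot: The FIXME is deleted along with the hand-written route, but the surprising helper name it described is now what the app relies on. Leave a one-line comment above `resources :debug, only: :index` explaining that Rails appends `_index` because "debug" has the same singular and plural form, so the next reader does not try to "fix" it again. This route refactor is also unrelated to the change described in the commit message and would be easier to revert as its own commit.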

1 change: 1 addition & 0 deletions doc/CHANGES.md
Expand Up @@ -2,6 +2,7 @@

## Highlighted Features

* Render Alaveteli configuration values on admin debug page (Gareth Rees)
* Update user email to be sent from the blackhole address (Graeme Porteous)
* Remove ability to publicly view authority contact email addresses to prevent
harvesting (Gareth Rees)
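Review bot: The new "Highlighted Features" entry announces the feature but gives upgraders no warning that configuration values become visible to every admin user. Add an upgrade note telling operators to check that any custom or theme-specific secret in `config/general.yml` has a key matching `AlaveteliConfiguration.sensitive_key_patterns` before deploying.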
16 changes: 16 additions & 0 deletions lib/configuration.rb
Expand Up @@ -13,6 +13,14 @@
# TODO: Make this return different values depending on the current rails environment

module AlaveteliConfiguration
# WARNING: AlaveteliConfiguration is rendered to admin users in
# Admin::DebugController.
#
# Ensure any sensitive values match this pattern, or add to the pattern if
# adding a new value that doesn't fit.
mattr_accessor :sensitive_key_patterns,
default: /SECRET|PASSWORD|LICENSE_KEY/

unless const_defined?(:DEFAULTS)

# rubocop:disable Layout/LineLength
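Review bot: The default `/SECRET|PASSWORD|LICENSE_KEY/` is a denylist on key names, so redaction fails open: any sensitive setting whose name lacks one of these three substrings (for example a name built on TOKEN or KEY, or a URL value with embedded credentials) is rendered in full. Consider inverting this to an allowlist of keys known to be safe to display, or at least broadening the pattern and adding a spec that enumerates `DEFAULTS` and fails when a new key is neither allowlisted nor matched. Since `mattr_accessor` also exposes a writer, document whether themes are expected to extend the pattern at boot.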
Expand Down Expand Up @@ -150,4 +158,12 @@ def self.method_missing(name)
super
end
end

def self.to_sanitized_hash
DEFAULTS.keys.each_with_object({}) do |key, memo|
value = send(key)
value = '[FILTERED]' if value.present? && key =~ sensitive_key_patterns
memo[key] = value
end
end
end
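Review bot: `to_sanitized_hash` tests only the top-level key against `sensitive_key_patterns`, so if any `DEFAULTS` entry holds a Hash or Array, secrets nested inside it pass through unfiltered under a non-matching parent key. Either recurse into nested values or filter the whole value when it is not a scalar. The method also iterates `DEFAULTS.keys` only, so it is worth stating in a comment that settings without a default are deliberately left out; `public_send(key)` would be the safer call than `send(key)` here.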
10 changes: 10 additions & 0 deletions spec/lib/configuration_spec.rb
@@ -0,0 +1,10 @@
require 'spec_helper'

RSpec.describe AlaveteliConfiguration do
include AlaveteliConfiguration

describe '#to_sanitized_hash' do
subject { described_class.to_sanitized_hash }
it { is_expected.to include(:INCOMING_EMAIL_SECRET => "[FILTERED]") }
end
end
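Review bot: The single example passes only if `INCOMING_EMAIL_SECRET` has a non-blank value in the test configuration, because `to_sanitized_hash` skips filtering when `value.present?` is false; stub the value explicitly so the spec does not depend on the environment. Add examples for the other branches too: a non-sensitive key is returned unchanged, and a blank sensitive value is not replaced. `describe '#to_sanitized_hash'` should be `'.to_sanitized_hash'` for a module-level method, and `include AlaveteliConfiguration` looks unnecessary when the subject calls `described_class` directly.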
