From 59518c9e7fef9c44c3fade02a6adec9d4ce7f639 Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Wed, 29 May 2024 18:48:05 +0100 Subject: [PATCH] Render AlaveteliConfiguration on admin debug page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Makes it easier for less technical users to look up specific configuration values – or indeed, save technical users opening an ssh session. Fixes https://github.com/mysociety/alaveteli/issues/1636 --- app/controllers/admin/debug_controller.rb | 1 + app/views/admin/debug/index.html.erb | 21 +++++++++++++++++++ .../admin_general/_admin_navbar.html.erb | 2 +- config/general.yml-example | 7 +++++++ config/routes.rb | 5 +---- doc/CHANGES.md | 1 + lib/configuration.rb | 16 ++++++++++++++ spec/lib/configuration_spec.rb | 10 +++++++++ 8 files changed, 58 insertions(+), 5 deletions(-) create mode 100644 spec/lib/configuration_spec.rb diff --git a/app/controllers/admin/debug_controller.rb b/app/controllers/admin/debug_controller.rb index 8155c1f3d1..fee7adbe00 100644 --- a/app/controllers/admin/debug_controller.rb +++ b/app/controllers/admin/debug_controller.rb @@ -7,5 +7,6 @@ def index repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'` @github_origin = "https://github.com/#{repo}/tree/" @request_env = request.env + @alaveteli_configuration = AlaveteliConfiguration.to_sanitized_hash end end diff --git a/app/views/admin/debug/index.html.erb b/app/views/admin/debug/index.html.erb index e88f70c4bf..b5eed36ed1 100644 --- a/app/views/admin/debug/index.html.erb +++ b/app/views/admin/debug/index.html.erb @@ -45,6 +45,18 @@

Configuration

+
+

+ See the + documentation for more information about configuring Alaveteli. +

+ +

+ Sensitive values are replaced with [FILTERED]. Use the + config/general.yml configuration file to view these. +

+
+ @@ -56,6 +68,15 @@
Rails env:
+ + <% @alaveteli_configuration.each do |k,v| %> + + + + + <% end %> +
<%= k %><%= v %>
+

Environment variables

diff --git a/app/views/admin_general/_admin_navbar.html.erb b/app/views/admin_general/_admin_navbar.html.erb index 23384a12ac..1822088460 100644 --- a/app/views/admin_general/_admin_navbar.html.erb +++ b/app/views/admin_general/_admin_navbar.html.erb @@ -18,7 +18,7 @@
  • <%= link_to 'Summary', admin_general_index_path %>
  • <%= link_to 'Timeline', admin_timeline_path %>
  • <%= link_to 'Stats', admin_stats_path %>
    • -
  • <%= link_to 'Debug', admin_debug_path %>
    • +
  • <%= link_to 'Debug', admin_debug_index_path %>
    • diff --git a/config/general.yml-example b/config/general.yml-example index 630a11fbe2..d124a58047 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -12,6 +12,13 @@ # Default values for these settings can be found in # RAILS_ROOT/lib/configuration.rb # +# +# WARNING: AlaveteliConfiguration is rendered to admin users in +# Admin::DebugController. +# +# Ensure any sensitive values are matched by +# AlaveteliConfiguration.sensitive_key_patterns +# # ============================================================================== # Site name appears in various places throughout the site diff --git a/config/routes.rb b/config/routes.rb index 0a1ebad3f2..9317eb264c 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -528,10 +528,7 @@ def matches?(request) #### Admin::Debug controller namespace :admin do - # FIXME: For some reason the resources call is generating the route as - # admin_debug_index_path rather than the standard admin_debug_path. - # resources :debug, only: [:index] - get 'debug', to: 'debug#index', as: :debug + resources :debug, only: :index end #### diff --git a/doc/CHANGES.md b/doc/CHANGES.md index b554bb126f..a84816b282 100644 --- a/doc/CHANGES.md +++ b/doc/CHANGES.md @@ -2,6 +2,7 @@ ## Highlighted Features +* Render Alaveteli configuration values on admin debug page (Gareth Rees) * View user profile photos from admin list of users (Gareth Rees) * Update user email to be sent from the blackhole address (Graeme Porteous) * Remove ability to publicly view authority contact email addresses to prevent diff --git a/lib/configuration.rb b/lib/configuration.rb index 00f3aef75f..487099198a 100644 --- a/lib/configuration.rb +++ b/lib/configuration.rb @@ -13,6 +13,14 @@ # TODO: Make this return different values depending on the current rails environment module AlaveteliConfiguration + # WARNING: AlaveteliConfiguration is rendered to admin users in + # Admin::DebugController. + # + # Ensure any sensitive values match this pattern, or add to the pattern if + # adding a new value that doesn't fit. + mattr_accessor :sensitive_key_patterns, + default: /SECRET|PASSWORD|LICENSE_KEY/ + unless const_defined?(:DEFAULTS) # rubocop:disable Layout/LineLength @@ -150,4 +158,12 @@ def self.method_missing(name) super end end + + def self.to_sanitized_hash + DEFAULTS.keys.each_with_object({}) do |key, memo| + value = send(key) + value = '[FILTERED]' if value.present? && key =~ sensitive_key_patterns + memo[key] = value + end + end end diff --git a/spec/lib/configuration_spec.rb b/spec/lib/configuration_spec.rb new file mode 100644 index 0000000000..eb57cc0632 --- /dev/null +++ b/spec/lib/configuration_spec.rb @@ -0,0 +1,10 @@ +require 'spec_helper' + +RSpec.describe AlaveteliConfiguration do + include AlaveteliConfiguration + + describe '#to_sanitized_hash' do + subject { described_class.to_sanitized_hash } + it { is_expected.to include(:INCOMING_EMAIL_SECRET => '[FILTERED]') } + end +end