diff --git a/app/assets/stylesheets/admin.scss b/app/assets/stylesheets/admin.scss
index c1e7df9d91..84a270efb9 100644
--- a/app/assets/stylesheets/admin.scss
+++ b/app/assets/stylesheets/admin.scss
@@ -269,6 +269,12 @@ body.admin {
}
+/* Debug */
+
+table.table-debug {
+ font-family: monospace;
+}
+
/* Timeline */
.timeline_date {
diff --git a/app/controllers/admin/debug_controller.rb b/app/controllers/admin/debug_controller.rb
new file mode 100644
index 0000000000..fee7adbe00
--- /dev/null
+++ b/app/controllers/admin/debug_controller.rb
@@ -0,0 +1,12 @@
+class Admin::DebugController < AdminController
+ def index
+ @admin_current_user = admin_current_user
+ @current_commit = Statistics::General.new.to_h[:alaveteli_git_commit]
+ @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'`
+ @current_version = ALAVETELI_VERSION
+ repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'`
+ @github_origin = "https://github.com/#{repo}/tree/"
+ @request_env = request.env
+ @alaveteli_configuration = AlaveteliConfiguration.to_sanitized_hash
+ end
+end
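Review bot: `@request_env = request.env` hands the whole Rack environment to the view, so the filtering this commit adds for `AlaveteliConfiguration` does not extend to it. In a Rails app that hash normally carries the raw `HTTP_COOKIE` header and entries such as `action_dispatch.secret_key_base`, which the Environment variables table would then print. Consider `@request_env = request.filtered_env`, which applies `config.filter_parameters` to env keys, or an explicit allowlist of the keys worth showing. How much is actually masked depends on the app's filter list, which is not visible here, so a spec asserting that the cookie header and key material are absent from the rendered page would be worth adding.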
diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb
index b879b14852..3e72905d0f 100644
--- a/app/controllers/admin_general_controller.rb
+++ b/app/controllers/admin_general_controller.rb
@@ -157,16 +157,6 @@ def stats
@tracks_by_type = TrackThing.group('track_type').count
end
- def debug
- @admin_current_user = admin_current_user
- @current_commit = Statistics::General.new.to_h[:alaveteli_git_commit]
- @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'`
- @current_version = ALAVETELI_VERSION
- repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'`
- @github_origin = "https://github.com/#{repo}/tree/"
- @request_env = request.env
- end
-
private
def get_events_title
diff --git a/app/views/admin/changelog/index.html.erb b/app/views/admin/changelog/index.html.erb
index f1024f385f..00ace3831e 100644
--- a/app/views/admin/changelog/index.html.erb
+++ b/app/views/admin/changelog/index.html.erb
@@ -14,7 +14,7 @@
You are currently running Alaveteli version:
- <%= link_to ALAVETELI_VERSION, admin_debug_path %>
+ <%= link_to ALAVETELI_VERSION, admin_debug_index_path %>
diff --git a/app/views/admin/debug/index.html.erb b/app/views/admin/debug/index.html.erb
new file mode 100644
index 0000000000..b5eed36ed1
--- /dev/null
+++ b/app/views/admin/debug/index.html.erb
@@ -0,0 +1,111 @@
+<% @title = 'Debug' %>
+
+<%= @title %>
+
+You are <%= @admin_current_user %>
+
+Version numbers
+
+
+
+ Alaveteli version: |
+ <%= @current_version %> |
+
+
+
+ Alaveteli Branch: |
+
+ <% if @current_branch == '(no branch)' %>
+ (no branch) |
+ <% else %>
+ <%= link_to @current_branch, @github_origin + @current_branch %> |
+ <% end %>
+
+
+
+ Alaveteli commit: |
+ <%= link_to @current_commit, @github_origin + @current_commit %> |
+
+
+
+ RUBY_VERSION |
+ <%= RUBY_VERSION %> |
+
+
+
+ Rails::VERSION::STRING |
+ <%= Rails::VERSION::STRING %> |
+
+
+
+ Xapian::version_string |
+ <<%= Xapian::version_string %> |
+
+
+
+Configuration
+
+
+
+ See the
+ documentation for more information about configuring Alaveteli.
+
+
+
+ Sensitive values are replaced with [FILTERED]. Use the
+ config/general.yml configuration file to view these.
+
+
+
+
+
+ Rails env: |
+ <%= Rails.env %> |
+
+
+ Rails root: |
+ <%= Rails.root %> |
+
+
+
+
+ <% @alaveteli_configuration.each do |k,v| %>
+
+ <%= k %> |
+ <%= v %> |
+
+ <% end %>
+
+
+Environment variables
+
+
+ <% @request_env.each do |k,v| %>
+
+ <%= k %> |
+ <%= v %> |
+
+ <% end %>
+
+
+Parameters
+
+
+ <% params.each do |k,v| %>
+
+ <%= k %> |
+ <%= v %> |
+
+ <% end %>
+
+
+Session
+
+
+ <% session.to_hash.each do |k,v| %>
+
+ <%= k %> |
+ <%= v %> |
+
+ <% end %>
+
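Review bot: The Parameters and Session tables at the end of the template iterate `params` and `session.to_hash` and print every value unmasked, while the configuration table above them gets `[FILTERED]` substitution. The session hash usually includes the CSRF token and whatever authentication state the app keeps there, so it ends up in any screenshot or saved copy of the page. Using `request.filtered_parameters.each do |k,v|` would bring the parameters table under `config.filter_parameters`, and the session rows could list keys only or pass through the same key-pattern filter. Separately, the Xapian row reads `<<%= Xapian::version_string %>`, which looks like a stray `<` that will render as a literal character; the other version rows use `<%= ... %>`.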
diff --git a/app/views/admin_general/_admin_navbar.html.erb b/app/views/admin_general/_admin_navbar.html.erb
index 23384a12ac..1822088460 100644
--- a/app/views/admin_general/_admin_navbar.html.erb
+++ b/app/views/admin_general/_admin_navbar.html.erb
@@ -18,7 +18,7 @@
<%= link_to 'Summary', admin_general_index_path %>
<%= link_to 'Timeline', admin_timeline_path %>
<%= link_to 'Stats', admin_stats_path %>
- <%= link_to 'Debug', admin_debug_path %>
+ <%= link_to 'Debug', admin_debug_index_path %>
diff --git a/app/views/admin_general/debug.html.erb b/app/views/admin_general/debug.html.erb
deleted file mode 100644
index 9ecea8e468..0000000000
--- a/app/views/admin_general/debug.html.erb
+++ /dev/null
@@ -1,55 +0,0 @@
-<% @title = "Debug" %>
-
-<%= @title %>
-
-You are <%= @admin_current_user %>
-
-Version numbers
-
-
- Alaveteli version: <%= @current_version %>
-
- <% if @current_branch == "(no branch)" %>
- Alaveteli branch: (no branch)
- <% else %>
- Alaveteli branch: <%= link_to @current_branch, @github_origin + @current_branch %>
- <% end %>
-
- Alaveteli commit: <%= link_to @current_commit, @github_origin + @current_commit %>
-
- RUBY_VERSION <%= RUBY_VERSION %>
-
- Rails::VERSION::STRING <%= Rails::VERSION::STRING %>
-
- Xapian::version_string <%= Xapian::version_string %>
-
-
-Configuration
-
-
- Rails env: <%= Rails.env %>
-
- Rails root: <%= Rails.root %>
-
-
-Environment variables
-
- <% @request_env.each do |k,v| %>
- <%= k %> | <%= v %> |
- <% end %>
-
-
-Parameters
-
- <% params.each do |k,v| %>
- <%= k %> | <%= v %> |
- <% end %>
-
-
-Session
-
- <% session.to_hash.each do |k,v| %>
- <%= k %> | <%= v %> |
- <% end %>
-
-
diff --git a/config/general.yml-example b/config/general.yml-example
index 630a11fbe2..d124a58047 100644
--- a/config/general.yml-example
+++ b/config/general.yml-example
@@ -12,6 +12,13 @@
# Default values for these settings can be found in
# RAILS_ROOT/lib/configuration.rb
#
+#
+# WARNING: AlaveteliConfiguration is rendered to admin users in
+# Admin::DebugController.
+#
+# Ensure any sensitive values are matched by
+# AlaveteliConfiguration.sensitive_key_patterns
+#
# ==============================================================================
# Site name appears in various places throughout the site
diff --git a/config/routes.rb b/config/routes.rb
index 3d08bc5b8c..0cba03440e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -532,7 +532,12 @@ def matches?(request)
end
####
+ #### Admin::Debug controller
+ namespace :admin do
+ resources :debug, only: :index
+ end
####
+
#### AdminTag controller
namespace :admin do
resources :tags, param: :tag, only: [:index, :show],
@@ -623,9 +628,6 @@ def matches?(request)
match '/admin/timeline' => 'admin_general#timeline',
:as => :admin_timeline,
:via => :get
- match '/admin/debug' => 'admin_general#debug',
- :as => :admin_debug,
- :via => :get
match '/admin/stats' => 'admin_general#stats',
:as => :admin_stats,
:via => :get
diff --git a/doc/CHANGES.md b/doc/CHANGES.md
index aa7ec49eb0..979fe50db1 100644
--- a/doc/CHANGES.md
+++ b/doc/CHANGES.md
@@ -2,6 +2,7 @@
## Highlighted Features
+* Render Alaveteli configuration values on admin debug page (Gareth Rees)
* Show and allow creation of citations from info request batch pages (Graeme
Porteous)
* Allow pro users to create and manage Projects (Graeme Porteous)
diff --git a/lib/configuration.rb b/lib/configuration.rb
index 00f3aef75f..487099198a 100644
--- a/lib/configuration.rb
+++ b/lib/configuration.rb
@@ -13,6 +13,14 @@
# TODO: Make this return different values depending on the current rails environment
module AlaveteliConfiguration
+ # WARNING: AlaveteliConfiguration is rendered to admin users in
+ # Admin::DebugController.
+ #
+ # Ensure any sensitive values match this pattern, or add to the pattern if
+ # adding a new value that doesn't fit.
+ mattr_accessor :sensitive_key_patterns,
+ default: /SECRET|PASSWORD|LICENSE_KEY/
+
unless const_defined?(:DEFAULTS)
# rubocop:disable Layout/LineLength
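Review bot: `sensitive_key_patterns` is a denylist on key names, so the debug page fails open: any setting whose name does not contain SECRET, PASSWORD or LICENSE_KEY is shown in full. The DEFAULTS list is outside this hunk, so I cannot confirm that every credential-like key matches. If DEFAULTS holds names along the lines of an API key, token or DSN (hypothetical examples), they would be rendered; widening the default to something like `/SECRET|PASSWORD|LICENSE_KEY|TOKEN|API_KEY|CREDENTIAL/i`, or inverting to an allowlist of displayable keys, would be safer. Because `mattr_accessor` also defines a writer, the pattern can be reassigned at runtime; `mattr_reader` would be the tighter choice if nothing needs to change it.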
@@ -150,4 +158,12 @@ def self.method_missing(name)
super
end
end
+
+ def self.to_sanitized_hash
+ DEFAULTS.keys.each_with_object({}) do |key, memo|
+ value = send(key)
+ value = '[FILTERED]' if value.present? && key =~ sensitive_key_patterns
+ memo[key] = value
+ end
+ end
end
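Review bot: `to_sanitized_hash` matches only the top-level key name, so a value that is itself a hash or array, or a URL with embedded credentials, is returned untouched when its key does not match; whether any DEFAULTS entry has that shape cannot be seen from this hunk. If the Rails version in use ships `ActiveSupport::ParameterFilter`, filtering the built hash through it with the same pattern would cover nested keys as well. The method also has no doc comment; something like `# Returns every DEFAULTS key with its current value, replacing non-blank values whose key matches sensitive_key_patterns with '[FILTERED]'.` would record the contract, including that blank sensitive values are shown as blank.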
diff --git a/spec/controllers/admin/debug_controller_spec.rb b/spec/controllers/admin/debug_controller_spec.rb
new file mode 100644
index 0000000000..a4f9e1bc18
--- /dev/null
+++ b/spec/controllers/admin/debug_controller_spec.rb
@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+RSpec.describe Admin::DebugController do
+ describe 'GET #index' do
+ let(:admin_user) { FactoryBot.create(:admin_user) }
+
+ it 'renders the view' do
+ sign_in admin_user
+ get :index
+ expect(response).to render_template('index')
+ end
+ end
+end
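Review bot: The spec covers only the signed-in admin path, so nothing pins the access control on a page that now renders configuration, request environment and session data. Add examples for an unauthenticated request and for a signed-in non-admin user that assert the response does not render the `index` template (redirect or denial, whichever `AdminController` enforces; its filter is outside this diff). With views rendered in the spec, a further example could assert that the body shows `[FILTERED]` rather than the configured value for a sensitive key, which would tie the controller to the new filtering.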
diff --git a/spec/integration/admin_spec.rb b/spec/integration/admin_spec.rb
index f0be089699..202b1a7da7 100644
--- a/spec/integration/admin_spec.rb
+++ b/spec/integration/admin_spec.rb
@@ -99,14 +99,14 @@
describe "the debug page" do
it "should show the current user name" do
using_session(@admin) do
- visit admin_debug_path
+ visit admin_debug_index_path
expect(page).to have_content "joe_admin"
end
end
it "should show the current Alaveteli version" do
using_session(@admin) do
- visit admin_debug_path
+ visit admin_debug_index_path
expect(page).to have_content ALAVETELI_VERSION
end
end
diff --git a/spec/lib/configuration_spec.rb b/spec/lib/configuration_spec.rb
new file mode 100644
index 0000000000..eb57cc0632
--- /dev/null
+++ b/spec/lib/configuration_spec.rb
@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+RSpec.describe AlaveteliConfiguration do
+ include AlaveteliConfiguration
+
+ describe '#to_sanitized_hash' do
+ subject { described_class.to_sanitized_hash }
+ it { is_expected.to include(:INCOMING_EMAIL_SECRET => '[FILTERED]') }
+ end
+end
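Review bot: The only example asserts that one key is replaced, so a regression that filters everything, or that stops returning non-sensitive keys, would still pass. Add an example that a key not matching `sensitive_key_patterns` keeps its configured value, and one that a blank sensitive value is left blank, since `to_sanitized_hash` guards on `value.present?`. The `include AlaveteliConfiguration` line looks unnecessary because the example calls `described_class.to_sanitized_hash`, and the group name would conventionally be `'.to_sanitized_hash'` for a module-level method.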