[#1636] Show AlaveteliConfiguration in admin interface

app/assets/stylesheets/admin.scss

@@ -269,6 +269,12 @@ body.admin {
 
 }
 
+/* Debug */
+
+table.table-debug {
+  font-family: monospace;
+}
+
 /* Timeline */
 
 .timeline_date {

app/controllers/admin/debug_controller.rb

@@ -0,0 +1,12 @@
+class Admin::DebugController < AdminController
+  def index
+    @admin_current_user = admin_current_user
+    @current_commit = Statistics::General.new.to_h[:alaveteli_git_commit]
+    @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'`
+    @current_version = ALAVETELI_VERSION
+    repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'`
+    @github_origin = "https://github.com/#{repo}/tree/"
+    @request_env = request.env
+    @alaveteli_configuration = AlaveteliConfiguration.to_sanitized_hash
+  end
+end

app/controllers/admin_general_controller.rb

@@ -157,16 +157,6 @@ def stats
     @tracks_by_type = TrackThing.group('track_type').count
   end
 
-  def debug
-    @admin_current_user = admin_current_user
-    @current_commit = Statistics::General.new.to_h[:alaveteli_git_commit]
-    @current_branch = `git branch | perl -ne 'print $1 if /^\\* (.*)/'`
-    @current_version = ALAVETELI_VERSION
-    repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'`
-    @github_origin = "https://github.com/#{repo}/tree/"
-    @request_env = request.env
-  end
-
   private
 
   def get_events_title

app/views/admin/changelog/index.html.erb

@@ -14,7 +14,7 @@
 
 <p>
   You are currently running Alaveteli version:
-  <tt><%= link_to ALAVETELI_VERSION, admin_debug_path %></tt>
+  <tt><%= link_to ALAVETELI_VERSION, admin_debug_index_path %></tt>
 </p>
 
 <hr />

app/views/admin/debug/index.html.erb

@@ -0,0 +1,111 @@
+<% @title = 'Debug' %>
+
+<h1><%= @title %></h1>
+
+<p>You are <%= @admin_current_user %></p>
+
+<h2>Version numbers</h2>
+
+<table class="table table-condensed table-debug">
+  <tr>
+    <td>Alaveteli version:</td>
+    <td><%= @current_version %></td>
+  </tr>
+
+  <tr>
+    <td>Alaveteli Branch:</td>
+
+    <% if @current_branch == '(no branch)' %>
+      <td>(no branch)</td>
+    <% else %>
+      <td><%= link_to @current_branch, @github_origin + @current_branch %></td>
+    <% end %>
+  </tr>
+
+  <tr>
+    <td>Alaveteli commit:</td>
+    <td><%= link_to @current_commit, @github_origin + @current_commit %></td>
+  </tr>
+
+  <tr>
+    <td>RUBY_VERSION</td>
+    <td><%= RUBY_VERSION %></td>
+  </tr>
+
+  <tr>
+    <td>Rails::VERSION::STRING</td>
+    <td><%= Rails::VERSION::STRING %></td>
+  </tr>
+
+  <tr>
+    <td>Xapian::version_string</td>
+    <td><<%= Xapian::version_string %></td>
+  </tr>
+</table>
+
+<h2>Configuration</h2>
+
+<div class="help-block">
+  <p>
+    See the <a href="https://alaveteli.org/docs/customising/config/">
+    documentation</a> for more information about configuring Alaveteli.
+  </p>
+
+  <p>
+    Sensitive values are replaced with <tt>[FILTERED]</tt>. Use the
+    <tt>config/general.yml</tt> configuration file to view these.
+  </p>
+</div>
+
+<table class="table table-condensed table-debug">
+  <tr>
+    <td>Rails env:</td>
+    <td><%= Rails.env %></td>
+  </tr>
+  <tr>
+    <td>Rails root:</td>
+    <td><%= Rails.root %></td>
+  </tr>
+</table>
+
+<table class="table table-condensed table-debug">
+  <% @alaveteli_configuration.each do |k,v| %>
+    <tr>
+      <td><%= k %></td>
+      <td><%= v %></td>
+    </tr>
+  <% end %>
+</table>
+
+<h2>Environment variables</h2>
+
+<table class="table table-condensed table-debug">
+  <% @request_env.each do |k,v| %>
+    <tr>
+      <td><%= k %></td>
+      <td><%= v %></td>
+    </tr>
+  <% end %>
+</table>
+
+<h2>Parameters</h2>
+
+<table class="table table-condensed table-debug">
+  <% params.each do |k,v| %>
+    <tr>
+      <td><%= k %></td>
+      <td><%= v %></td>
+    </tr>
+  <% end %>
+</table>
+
+<h2>Session</h2>
+
+<table class="table table-condensed table-debug">
+  <% session.to_hash.each do |k,v| %>
+    <tr>
+      <td><%= k %></td>
+      <td><%= v %></td>
+    </tr>
+  <% end %>
+</table>

app/views/admin_general/_admin_navbar.html.erb

@@ -18,7 +18,7 @@
               <li><%= link_to 'Summary', admin_general_index_path %></li>
               <li><%= link_to 'Timeline', admin_timeline_path %></li>
               <li><%= link_to 'Stats', admin_stats_path %></li>
-              <li><%= link_to 'Debug', admin_debug_path %></li>
+              <li><%= link_to 'Debug', admin_debug_index_path %></li>
             </ul>
           </li>
 

config/general.yml-example

@@ -12,6 +12,13 @@
 # Default values for these settings can be found in
 # RAILS_ROOT/lib/configuration.rb
 #
+#
+# WARNING: AlaveteliConfiguration is rendered to admin users in
+#          Admin::DebugController.
+#
+# Ensure any sensitive values are matched by
+# AlaveteliConfiguration.sensitive_key_patterns
+#
 # ==============================================================================
 
 # Site name appears in various places throughout the site

config/routes.rb

@@ -532,7 +532,12 @@ def matches?(request)
   end
   ####
 
+  #### Admin::Debug controller
+  namespace :admin do
+    resources :debug, only: :index
+  end
   ####
+
   #### AdminTag controller
   namespace :admin do
     resources :tags, param: :tag, only: [:index, :show],
@@ -623,9 +628,6 @@ def matches?(request)
   match '/admin/timeline' => 'admin_general#timeline',
         :as => :admin_timeline,
         :via => :get
-  match '/admin/debug' => 'admin_general#debug',
-        :as => :admin_debug,
-        :via => :get
   match '/admin/stats' => 'admin_general#stats',
         :as => :admin_stats,
         :via => :get

doc/CHANGES.md

@@ -2,6 +2,7 @@
 
 ## Highlighted Features
 
+* Render Alaveteli configuration values on admin debug page (Gareth Rees)
 * Show and allow creation of citations from info request batch pages (Graeme
   Porteous)
 * Allow pro users to create and manage Projects (Graeme Porteous)

lib/configuration.rb

@@ -13,6 +13,14 @@
 # TODO: Make this return different values depending on the current rails environment
 
 module AlaveteliConfiguration
+  # WARNING: AlaveteliConfiguration is rendered to admin users in
+  #          Admin::DebugController.
+  #
+  # Ensure any sensitive values match this pattern, or add to the pattern if
+  # adding a new value that doesn't fit.
+  mattr_accessor :sensitive_key_patterns,
+                 default: /SECRET|PASSWORD|LICENSE_KEY/
+
   unless const_defined?(:DEFAULTS)
 
     # rubocop:disable Layout/LineLength
@@ -150,4 +158,12 @@ def self.method_missing(name)
       super
     end
   end
+
+  def self.to_sanitized_hash
+    DEFAULTS.keys.each_with_object({}) do |key, memo|
+      value = send(key)
+      value = '[FILTERED]' if value.present? && key =~ sensitive_key_patterns
+      memo[key] = value
+    end
+  end
 end

spec/controllers/admin/debug_controller_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+RSpec.describe Admin::DebugController do
+  describe 'GET #index' do
+    let(:admin_user) { FactoryBot.create(:admin_user) }
+
+    it 'renders the view' do
+      sign_in admin_user
+      get :index
+      expect(response).to render_template('index')
+    end
+  end
+end

spec/integration/admin_spec.rb

@@ -99,14 +99,14 @@
   describe "the debug page" do
     it "should show the current user name" do
       using_session(@admin) do
-        visit admin_debug_path
+        visit admin_debug_index_path
         expect(page).to have_content "joe_admin"
       end
     end
 
     it "should show the current Alaveteli version" do
       using_session(@admin) do
-        visit admin_debug_path
+        visit admin_debug_index_path
         expect(page).to have_content ALAVETELI_VERSION
       end
     end

spec/lib/configuration_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+RSpec.describe AlaveteliConfiguration do
+  include AlaveteliConfiguration
+
+  describe '#to_sanitized_hash' do
+    subject { described_class.to_sanitized_hash }
+    it { is_expected.to include(:INCOMING_EMAIL_SECRET => '[FILTERED]') }
+  end
+end