Render AlaveteliConfiguration on admin debug page

garethrees · garethrees · commit b4dc06f3b561 · 2024-05-29T18:48:05.000+01:00
Makes it easier for less technical users to look up specific configuration values – or indeed, save technical users opening an ssh session. Fixes #1636
diff --git a/app/controllers/admin/debug_controller.rb b/app/controllers/admin/debug_controller.rb
@@ -7,5 +7,6 @@ def index
     repo = `git remote show origin -n | perl -ne 'print $1 if m{Fetch URL: .*github\\.com[:/](.*)\\.git}'`
     @github_origin = "https://github.com/#{repo}/tree/"
     @request_env = request.env
+    @alaveteli_configuration = AlaveteliConfiguration.to_sanitized_hash
   end
 end
diff --git a/app/views/admin/debug/index.html.erb b/app/views/admin/debug/index.html.erb
@@ -45,6 +45,18 @@
 
 <h2>Configuration</h2>
 
+<div class="help-block">
+  <p>
+    See the <a href="https://alaveteli.org/docs/customising/config/">
+    documentation</a> for more information about configuring Alaveteli.
+  </p>
+
+  <p>
+    Sensitive values are replaced with <tt>[FILTERED]</tt>. Use the
+    <tt>config/general.yml</tt> configuration file to view these.
+  </p>
+</div>
+
 <table class="table table-condensed table-debug">
   <tr>
     <td>Rails env:</td>
@@ -56,6 +68,15 @@
   </tr>
 </table>
 
+<table class="table table-condensed table-debug">
+  <% @alaveteli_configuration.each do |k,v| %>
+    <tr>
+      <td><%= k %></td>
+      <td><%= v %></td>
+    </tr>
+  <% end %>
+</table>
+
 <h2>Environment variables</h2>
 
 <table class="table table-condensed table-debug">
diff --git a/doc/CHANGES.md b/doc/CHANGES.md
@@ -2,6 +2,7 @@
 
 ## Highlighted Features
 
+* Render Alaveteli configuration values on admin debug page (Gareth Rees)
 * Update user email to be sent from the blackhole address (Graeme Porteous)
 * Remove ability to publicly view authority contact email addresses to prevent
   harvesting (Gareth Rees)
diff --git a/lib/configuration.rb b/lib/configuration.rb
@@ -13,6 +13,13 @@
 # TODO: Make this return different values depending on the current rails environment
 
 module AlaveteliConfiguration
+  # WARNING: AlaveteliConfiguration is rendered to admin users in
+  #          Admin::DebugController.
+  #
+  # Ensure any sensitive values match this pattern, or add to the pattern if
+  # adding a new value that doesn't fit.
+  SENSITIVE_KEY_PATTERNS = /SECRET|PASSWORD|LICENSE_KEY/
+
   unless const_defined?(:DEFAULTS)
 
     # rubocop:disable Layout/LineLength
@@ -150,4 +157,12 @@ def self.method_missing(name)
       super
     end
   end
+
+  def self.to_sanitized_hash
+    DEFAULTS.keys.each_with_object({}) do |key, memo|
+      value = send(key)
+      value = '[FILTERED]' if value.present? && key =~ SENSITIVE_KEY_PATTERNS
+      memo[key] = value
+    end
+  end
 end
