From 331f3b01c26bc1edd7cb96c9e1061666cf006e23 Mon Sep 17 00:00:00 2001 From: Tijmen Brommet Date: Wed, 17 Jul 2019 11:45:44 +0100 Subject: [PATCH] Don't show HTTP Basic auth on dev dashboard The dashboard will show the URL for the content store and search, which will contain a username/password combo for integration. This hides the info. --- Gemfile | 1 - Gemfile.lock | 8 -------- app/controllers/development_controller.rb | 11 +++++++++++ app/views/development/index.html.erb | 6 +++--- startup.sh | 2 +- 5 files changed, 15 insertions(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index 495aefe83..677d913fb 100644 --- a/Gemfile +++ b/Gemfile @@ -25,7 +25,6 @@ group :development, :test do gem 'govuk-lint' gem 'govuk_schemas', '~> 3.3' gem 'jasmine-rails' - gem 'pry-byebug' end group :development do diff --git a/Gemfile.lock b/Gemfile.lock index 407f20726..87aadd91d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -64,7 +64,6 @@ GEM binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) builder (3.2.3) - byebug (11.0.0) capybara (3.26.0) addressable mini_mime (>= 0.1.3) @@ -198,12 +197,6 @@ GEM ast (~> 2.4.0) phantomjs (2.1.1.0) plek (3.0.0) - pry (0.12.2) - coderay (~> 1.1.0) - method_source (~> 0.9.0) - pry-byebug (3.7.0) - byebug (~> 11.0) - pry (~> 0.10) public_suffix (3.1.1) puma (4.0.0) nio4r (~> 2.0) @@ -383,7 +376,6 @@ DEPENDENCIES minitest-reporters mocha plek (~> 3.0) - pry-byebug rack_strip_client_ip (~> 0.0.2) rails (~> 5.2.3) rails-controller-testing (~> 1.0) diff --git a/app/controllers/development_controller.rb b/app/controllers/development_controller.rb index 988bb4f41..30a7282c5 100644 --- a/app/controllers/development_controller.rb +++ b/app/controllers/development_controller.rb @@ -12,4 +12,15 @@ def index @paths = YAML.load_file("test/wraith/config.yaml")["paths"] end + +private + + helper_method :remove_secrets + + def remove_secrets(original_url) + parsed_url = URI.parse(original_url) + original_url = original_url.gsub(parsed_url.user, "***") if parsed_url.user + original_url = original_url.gsub(parsed_url.password, "***") if parsed_url.password + original_url + end end diff --git a/app/views/development/index.html.erb b/app/views/development/index.html.erb index 1ef2fe4a5..0de78fac4 100644 --- a/app/views/development/index.html.erb +++ b/app/views/development/index.html.erb @@ -28,15 +28,15 @@ - + - + - +
Content store<%= link_to Plek.find('content-store'), Plek.find('content-store') %><%= link_to remove_secrets(Plek.find('content-store')), remove_secrets(Plek.find('content-store')) %>
Static<%= link_to Plek.find('static'), Plek.find('static') %><%= link_to remove_secrets(Plek.find('static')), remove_secrets(Plek.find('static')) %>
Search<%= link_to Plek.find('search'), Plek.find('search') %><%= link_to remove_secrets(Plek.find('search')), remove_secrets(Plek.find('search')) %>
diff --git a/startup.sh b/startup.sh index 4c98ea7de..31b2a2fd4 100755 --- a/startup.sh +++ b/startup.sh @@ -5,7 +5,7 @@ bundle install function set_env() { export GOVUK_APP_DOMAIN=www.$1 export GOVUK_WEBSITE_ROOT=https://www.$1 - export PLEK_SERVICE_CONTENT_STORE_URI=${PLEK_SERVICE_CONTENT_STORE_URI-https://www.$1/api} + export PLEK_SERVICE_CONTENT_STORE_URI=${PLEK_SERVICE_CONTENT_STORE_URI-https://test:bla@www.$1/api} export PLEK_SERVICE_RUMMAGER_URI=${PLEK_SERVICE_RUMMAGER_URI-https://www.$1/api} export PLEK_SERVICE_SEARCH_URI=${PLEK_SERVICE_SEARCH_URI-https://www.$1/api} }