mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 17:46:05 -05:00
BUGFIX: hide sensitive site settings
parent
a1f80e9e51
commit
8d73b7f94d
4 changed files with 21 additions and 16 deletions
|
@ -71,9 +71,10 @@ Discourse.SiteSetting = Discourse.Model.extend({
|
|||
**/
|
||||
save: function() {
|
||||
// Update the setting
|
||||
var setting = this;
|
||||
return Discourse.ajax("/admin/site_settings/" + (this.get('setting')), {
|
||||
data: { value: this.get('value') },
|
||||
var setting = this, data = {};
|
||||
data[this.get('setting')] = this.get('value');
|
||||
return Discourse.ajax("/admin/site_settings/" + this.get('setting'), {
|
||||
data: data,
|
||||
type: 'PUT'
|
||||
}).then(function() {
|
||||
setting.set('originalValue', setting.get('value'));
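Review bot: Nothing in `save` records why the request payload is now keyed by the setting name (`data[this.get('setting')] = this.get('value')`) instead of a generic `value` key, so a later cleanup could revert it without noticing the security purpose. The existing `// Update the setting` comment could be extended with `// Send the value under the setting's own name so server-side parameter filtering can redact secret settings by name`. The body of `save` continues past the end of this hunk.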
|
||||
|
|
|
@ -7,9 +7,11 @@ class Admin::SiteSettingsController < Admin::AdminController
|
|||
end
|
||||
|
||||
def update
|
||||
raise ActionController::ParameterMissing.new(:value) unless params.has_key?(:value)
|
||||
StaffActionLogger.new(current_user).log_site_setting_change(params[:id], SiteSetting.send("#{params[:id]}"), params[:value]) if SiteSetting.respond_to?(params[:id])
|
||||
SiteSetting.send("#{params[:id]}=", params[:value])
|
||||
params.require(:id)
|
||||
id = params[:id]
|
||||
value = params[id]
|
||||
StaffActionLogger.new(current_user).log_site_setting_change(id, SiteSetting.send(id), value) if SiteSetting.respond_to?(id)
|
||||
SiteSetting.send("#{id}=", value)
|
||||
render nothing: true
|
||||
end
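Review bot: The presence check on the value is gone in the new `update`: `value = params[id]` is `nil` when the request carries no key named after the setting, and `SiteSetting.send("#{id}=", value)` then runs with `nil`. `params.require(:id)` does not cover this, since `id` presumably always arrives from the route. A guard such as `raise ActionController::ParameterMissing.new(id) unless params.has_key?(id)` would restore the old behaviour while still allowing a blank string; the spec section of this commit drops the 'requires a value parameter' example without a replacement. Separately, the setter call is not covered by the `respond_to?` guard on the logging line and `send` ignores method visibility, so `public_send` plus a `SiteSetting.respond_to?("#{id}=")` check would keep a request-supplied name from reaching anything but public setters.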
|
||||
|
||||
|
|
|
@ -88,7 +88,15 @@ module Discourse
|
|||
config.encoding = 'utf-8'
|
||||
|
||||
# Configure sensitive parameters which will be filtered from the log file.
|
||||
config.filter_parameters += [:password]
|
||||
config.filter_parameters += [
|
||||
:password,
|
||||
:pop3s_polling_password,
|
||||
:s3_secret_access_key,
|
||||
:twitter_consumer_secret,
|
||||
:facebook_app_secret,
|
||||
:github_client_secret,
|
||||
:discourse_org_access_key,
|
||||
]
|
||||
|
||||
# Enable the asset pipeline
|
||||
config.assets.enabled = true
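Review bot: The new `config.filter_parameters` list names each secret setting individually, so a secret setting added later will appear in the request log in clear text until someone extends the list. Rails matches symbol entries as partial, case-insensitive matches on the parameter name, so `:password` already covers `pop3s_polling_password`, and broader entries such as `:secret` and `:access_key` would cover the other names and future ones of the same shape. A comment along the lines of `# entries match as substrings of the parameter name; add a pattern for every new secret site setting` would make the maintenance rule explicit. This filtering applies to request logging only; the controller in this commit still passes the old and new values to `log_site_setting_change`, and whether that log masks them is not visible here.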
|
||||
|
|
|
@ -25,30 +25,24 @@ describe Admin::SiteSettingsController do
|
|||
|
||||
context 'update' do
|
||||
|
||||
it 'requires a value parameter' do
|
||||
lambda { xhr :put, :update, id: 'test_setting' }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
it 'sets the value when the param is present' do
|
||||
SiteSetting.expects(:'test_setting=').with('hello').once
|
||||
xhr :put, :update, id: 'test_setting', value: 'hello'
|
||||
xhr :put, :update, id: 'test_setting', test_setting: 'hello'
|
||||
end
|
||||
|
||||
it 'allows value to be a blank string' do
|
||||
SiteSetting.expects(:'test_setting=').with('').once
|
||||
xhr :put, :update, id: 'test_setting', value: ''
|
||||
xhr :put, :update, id: 'test_setting', test_setting: ''
|
||||
end
|
||||
|
||||
it 'logs the change' do
|
||||
SiteSetting.stubs(:test_setting).returns('previous')
|
||||
SiteSetting.expects(:'test_setting=').with('hello').once
|
||||
StaffActionLogger.any_instance.expects(:log_site_setting_change).with('test_setting', 'previous', 'hello')
|
||||
xhr :put, :update, id: 'test_setting', value: 'hello'
|
||||
xhr :put, :update, id: 'test_setting', test_setting: 'hello'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
|