From 1f75c9f3e8b69092f5322fcd00e06c25d0cfcfec Mon Sep 17 00:00:00 2001
From: jeremystretch
Date: Wed, 2 Nov 2022 10:30:33 -0400
Subject: [PATCH] Add docs & tweak default setting

---
 docs/configuration/security.md | 8 ++++++++
 docs/integrations/rest-api.md | 3 +++
 docs/release-notes/version-3.4.md | 1 +
 netbox/netbox/settings.py | 2 +-
 netbox/users/views.py | 5 -----
 5 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/docs/configuration/security.md b/docs/configuration/security.md
index 6aa363b1a..b8c2b1e11 100644
--- a/docs/configuration/security.md
+++ b/docs/configuration/security.md
@@ -1,5 +1,13 @@
 # Security & Authentication Parameters
+## ALLOW_TOKEN_RETRIEVAL
+
+Default: True
+
+If disabled, the values of API tokens will not be displayed after each token's initial creation. A user **must** record the value of a token immediately upon its creation, or it will be lost. Note that this affects _all_ users, regardless of assigned permissions.
+
+---
+
 ## ALLOWED_URL_SCHEMES
 !!! tip "Dynamic Configuration Parameter"
diff --git a/docs/integrations/rest-api.md b/docs/integrations/rest-api.md
index 3a5aed055..6f54a8cb0 100644
--- a/docs/integrations/rest-api.md
+++ b/docs/integrations/rest-api.md
@@ -579,6 +579,9 @@ By default, a token can be used to perform all actions via the API that a user w
 Additionally, a token can be set to expire at a specific time. This can be useful if an external client needs to be granted temporary access to NetBox.
+!!! warning "Restricting Token Retrieval"
+ The ability to retrieve the key value of a previously-created API token can be restricted by disabling the [`ALLOW_TOKEN_RETRIEVAL`](../configuration/security.md#allow_token_retrieval) configuration parameter.
+
 #### Client IP Restriction
 !!! note
diff --git a/docs/release-notes/version-3.4.md b/docs/release-notes/version-3.4.md
index 5ca84c996..c16d88d43 100644
--- a/docs/release-notes/version-3.4.md
+++ b/docs/release-notes/version-3.4.md
@@ -24,6 +24,7 @@ A new `PluginMenu` class has been introduced, which enables a plugin to inject a
 * [#8245](https://github.com/netbox-community/netbox/issues/8245) - Enable GraphQL filtering of related objects
 * [#8274](https://github.com/netbox-community/netbox/issues/8274) - Enable associating a custom link with multiple object types
+* [#8853](https://github.com/netbox-community/netbox/issues/8853) - Introduce the `ALLOW_TOKEN_RETRIEVAL` config parameter to restrict the display of API tokens
 * [#9249](https://github.com/netbox-community/netbox/issues/9249) - Device and virtual machine names are no longer case-sensitive
 * [#9478](https://github.com/netbox-community/netbox/issues/9478) - Add `link_peers` field to GraphQL types for cabled objects
 * [#9654](https://github.com/netbox-community/netbox/issues/9654) - Add `weight` field to racks, device types, and module types
diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py
index 3f1add134..130977463 100644
--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@@ -71,7 +71,7 @@ DEPLOYMENT_ID = hashlib.sha256(SECRET_KEY.encode('utf-8')).hexdigest()[:16]
 # Set static config parameters
 ADMINS = getattr(configuration, 'ADMINS', [])
-ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', False)
+ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', True)
 AUTH_PASSWORD_VALIDATORS = getattr(configuration, 'AUTH_PASSWORD_VALIDATORS', [])
 BASE_PATH = getattr(configuration, 'BASE_PATH', '')
 if BASE_PATH:
diff --git a/netbox/users/views.py b/netbox/users/views.py
index 0cda966ed..fe1181fc1 100644
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
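Review bot: The default handed to getattr on the new `ALLOW_TOKEN_RETRIEVAL` line is now `True`, so a deployment that never adds the parameter to configuration.py keeps token values viewable after creation; that is the more permissive of the two possible defaults and it reverses what the replaced line chose, so a why-comment on the line would keep a later reader from flipping it back as a "fix". Suggested: `# Default True: token values stay viewable after creation unless configuration.py sets this to False (see docs/configuration/security.md)`. The value is also taken from configuration.py as-is with no coercion to bool; if the code that consults it tests by truthiness, a string such as `'False'` would count as enabled, which seems worth either a one-line normalisation here or a sentence in the new docs stating that the value must be a real boolean. The docs added in this commit give the default as True, consistent with this line.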
@@ -273,11 +273,6 @@ class TokenEditView(LoginRequiredMixin, View):
 form = TokenForm(request.POST)
 if form.is_valid():
- if 'view_token' in request.POST and request.POST['view_token']:
- if '_addanother' in request.POST:
- return redirect(request.path)
- else:
- return redirect('users:token_list')
 token = form.save(commit=False)
 token.user = request.user