Add docs & tweak default setting

2025-08-25 08:46:10 -06:00 · 2022-11-02 10:30:33 -04:00 · 2022-11-02 10:30:33 -04:00 · 1f75c9f3e8
commit 1f75c9f3e8
parent 2550f2d27a
5 changed files with 13 additions and 6 deletions
--- a/docs/configuration/security.md
+++ b/docs/configuration/security.md
@ -1,5 +1,13 @@
 # Security & Authentication Parameters

+## ALLOW_TOKEN_RETRIEVAL
+
+Default: True
+
+If disabled, the values of API tokens will not be displayed after each token's initial creation. A user **must** record the value of a token immediately upon its creation, or it will be lost. Note that this affects _all_ users, regardless of assigned permissions.
+
+---
+
 ## ALLOWED_URL_SCHEMES

 !!! tip "Dynamic Configuration Parameter"
--- a/docs/integrations/rest-api.md
+++ b/docs/integrations/rest-api.md
@ -579,6 +579,9 @@ By default, a token can be used to perform all actions via the API that a user w

 Additionally, a token can be set to expire at a specific time. This can be useful if an external client needs to be granted temporary access to NetBox.

+!!! warning "Restricting Token Retrieval"
+    The ability to retrieve the key value of a previously-created API token can be restricted by disabling the [`ALLOW_TOKEN_RETRIEVAL`](../configuration/security.md#allow_token_retrieval) configuration parameter.
+
 #### Client IP Restriction

 !!! note
--- a/docs/release-notes/version-3.4.md
+++ b/docs/release-notes/version-3.4.md
@ -24,6 +24,7 @@ A new `PluginMenu` class has been introduced, which enables a plugin to inject a

 * [#8245](https://github.com/netbox-community/netbox/issues/8245) - Enable GraphQL filtering of related objects
 * [#8274](https://github.com/netbox-community/netbox/issues/8274) - Enable associating a custom link with multiple object types
+* [#8853](https://github.com/netbox-community/netbox/issues/8853) - Introduce the `ALLOW_TOKEN_RETRIEVAL` config parameter to restrict the display of API tokens
 * [#9249](https://github.com/netbox-community/netbox/issues/9249) - Device and virtual machine names are no longer case-sensitive
 * [#9478](https://github.com/netbox-community/netbox/issues/9478) - Add `link_peers` field to GraphQL types for cabled objects
 * [#9654](https://github.com/netbox-community/netbox/issues/9654) - Add `weight` field to racks, device types, and module types
--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@ -71,7 +71,7 @@ DEPLOYMENT_ID = hashlib.sha256(SECRET_KEY.encode('utf-8')).hexdigest()[:16]

 # Set static config parameters
 ADMINS = getattr(configuration, 'ADMINS', [])
-ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', False)
+ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', True)
 AUTH_PASSWORD_VALIDATORS = getattr(configuration, 'AUTH_PASSWORD_VALIDATORS', [])
 BASE_PATH = getattr(configuration, 'BASE_PATH', '')
 if BASE_PATH:
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@ -273,11 +273,6 @@ class TokenEditView(LoginRequiredMixin, View):
            form = TokenForm(request.POST)

        if form.is_valid():
-            if 'view_token' in request.POST and request.POST['view_token']:
-                if '_addanother' in request.POST:
-                    return redirect(request.path)
-                else:
-                    return redirect('users:token_list')

            token = form.save(commit=False)
            token.user = request.user