Closes #20492: Disable API token plaintext retrieval

This commit is contained in:
Jeremy Stretch
2025-10-14 14:57:37 -04:00
parent b7cc4c418b
commit 2bebfccf9b
8 changed files with 10 additions and 42 deletions


@@ -1,7 +1,6 @@
import json
from django import forms
from django.conf import settings
from django.contrib.auth import password_validation
from django.contrib.postgres.forms import SimpleArrayField
from django.core.exceptions import FieldError
@@ -115,7 +114,7 @@ class UserTokenForm(forms.ModelForm):
label=_('Token'),
help_text=_(
'Tokens must be at least 40 characters in length. <strong>Be sure to record your key</strong> prior to '
'submitting this form, as it may no longer be accessible once the token has been created.'
'submitting this form, as it will no longer be accessible once the token has been created.'
),
widget=forms.TextInput(
attrs={'data-clipboard': 'true'}
@@ -148,11 +147,8 @@ class UserTokenForm(forms.ModelForm):
self.fields['version'].disabled = True
self.fields['user'].disabled = True
# Omit the key field when editing an existing token if token retrieval is not permitted
if self.instance.v1 and settings.ALLOW_TOKEN_RETRIEVAL:
self.initial['token'] = self.instance.plaintext
else:
del self.fields['token']
# Omit the key field when editing an existing Token
del self.fields['token']
# Generate an initial random key if none has been specified
elif self.instance._state.adding and not self.initial.get('token'):
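Review bot: Dropping the `self.instance.v1` branch removes the form's read path, but the removed line `self.initial['token'] = self.instance.plaintext` shows v1 tokens carried a stored plaintext, and nothing in this hunk suggests that value is purged; if the model still holds it, the key remains retrievable through other code paths (ORM, shell, any serializer exposing it), so "disable retrieval" is narrower than the title and the new help text ("will no longer be accessible") imply. The comment on the new `del self.fields['token']` should say this explicitly, e.g. `# Never re-display a key, including v1 tokens whose plaintext may still be stored`, and a follow-up migration that clears the v1 plaintext would make the guarantee real. The enclosing `__init__` starts before this hunk and its `if`/`elif` structure is only partly visible.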


@@ -11,13 +11,7 @@ __all__ = (
'UserTable',
)
TOKEN = """<samp><a href="{{ record.get_absolute_url }}" id="token_{{ record.pk }}">{{ record }}</a></samp>"""
COPY_BUTTON = """
{% if settings.ALLOW_TOKEN_RETRIEVAL %}
{% copy_content record.pk prefix="token_" color="success" %}
{% endif %}
"""
TOKEN = """<samp><a href="{{ record.get_absolute_url }}">{{ record }}</a></samp>"""
class TokenTable(NetBoxTable):
@@ -48,7 +42,6 @@ class TokenTable(NetBoxTable):
)
actions = columns.ActionsColumn(
actions=('edit', 'delete'),
extra_buttons=COPY_BUTTON
)
class Meta(NetBoxTable.Meta):
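Review bot: With the copy button gone, the new `TOKEN` template still renders `{{ record }}` inside the `<samp>` link, so the table column is now the only remaining display surface for a token, and its safety rests entirely on `Token.__str__` producing a masked/partial value rather than the key; that method is not in this diff, so it is worth confirming and pinning. A one-line comment above the constant would record the invariant for the next maintainer, e.g. `# Renders str(record) only, which must remain a masked key — never the plaintext`. The `id="token_{{ record.pk }}"` attribute was only needed by the removed `copy_content` tag, so dropping it is consistent.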