Closes #20834: Add support for enabling/disabling Tokens (#20864)

* feat(users): Add support for enabling/disabling Tokens Introduce an `enabled` flag on the `Token` model to allow temporarily revoking API tokens without deleting them. Update forms, serializers, and views to expose the new field. Enforce the `enabled` flag in token authentication. Add model, API, and authentication tests for the new behavior. Fixes #20834 * Fix authentication test --------- Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
2026-01-17 09:12:18 -06:00 · 2025-11-26 23:15:14 +01:00
parent b5edfa5d53
commit 513b11450d
16 changed files with 143 additions and 29 deletions
--- a/netbox/users/api/serializers_/tokens.py
+++ b/netbox/users/api/serializers_/tokens.py
@@ -32,10 +32,10 @@ class TokenSerializer(ValidatedModelSerializer):
        model = Token
        fields = (
            'id', 'url', 'display_url', 'display', 'version', 'key', 'user', 'description', 'created', 'expires',
-            'last_used', 'write_enabled', 'pepper_id', 'allowed_ips', 'token',
+            'last_used', 'enabled', 'write_enabled', 'pepper_id', 'allowed_ips', 'token',
        )
        read_only_fields = ('key',)
-        brief_fields = ('id', 'url', 'display', 'version', 'key', 'write_enabled', 'description')
+        brief_fields = ('id', 'url', 'display', 'version', 'key', 'enabled', 'write_enabled', 'description')

    def get_fields(self):
        fields = super().get_fields()
@@ -79,7 +79,7 @@ class TokenProvisionSerializer(TokenSerializer):
        model = Token
        fields = (
            'id', 'url', 'display_url', 'display', 'version', 'user', 'key', 'created', 'expires', 'last_used', 'key',
-            'write_enabled', 'description', 'allowed_ips', 'username', 'password', 'token',
+            'enabled', 'write_enabled', 'description', 'allowed_ips', 'username', 'password', 'token',
        )

    def validate(self, data):