diff --git a/netbox/templates/generic/object_edit.html b/netbox/templates/generic/object_edit.html index 56e4f5a32..bc970f4a1 100644 --- a/netbox/templates/generic/object_edit.html +++ b/netbox/templates/generic/object_edit.html @@ -109,9 +109,11 @@ Context: + {% if not disable_addanother %} + {% endif %} {% endif %} Cancel {% endblock buttons %} diff --git a/netbox/templates/users/api_token.html b/netbox/templates/users/api_token.html new file mode 100644 index 000000000..753c93935 --- /dev/null +++ b/netbox/templates/users/api_token.html @@ -0,0 +1,35 @@ +{% extends 'generic/object.html' %} +{% load helpers %} +{% load plugins %} + +{% block content %} +
+
+
+
Token Created
+
+

The token has been created, you will need to copy the key as it will no longer be displayed for security purposes.

+ + + + + +
Key{{ object.key }}
+
+ {% csrf_token %} +
+
+ + Cancel +
+
+
+ +
+
+ {% plugin_left_page object %} +
+
+{% endblock %} diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 62b17a663..b07177d8a 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -10,6 +10,7 @@ urlpatterns = [ path('password/', views.ChangePasswordView.as_view(), name='change_password'), path('api-tokens/', views.TokenListView.as_view(), name='token_list'), path('api-tokens/add/', views.TokenEditView.as_view(), name='token_add'), + path('api-tokens//', views.TokenKeyView.as_view(), name='token_key'), path('api-tokens//edit/', views.TokenEditView.as_view(), name='token_edit'), path('api-tokens//delete/', views.TokenDeleteView.as_view(), name='token_delete'), diff --git a/netbox/users/views.py b/netbox/users/views.py index 33ef3fadd..0224e3711 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -261,6 +261,7 @@ class TokenEditView(LoginRequiredMixin, View): 'object': token, 'form': form, 'return_url': reverse('users:token_list'), + 'disable_addanother': not settings.ALLOW_TOKEN_RETRIEVAL }) def post(self, request, pk=None): @@ -280,7 +281,9 @@ class TokenEditView(LoginRequiredMixin, View): msg = f"Modified token {token}" if pk else f"Created token {token}" messages.success(request, msg) - if '_addanother' in request.POST: + if not pk and not settings.ALLOW_TOKEN_RETRIEVAL: + return redirect('users:token_key', pk=token.pk) + elif '_addanother' in request.POST: return redirect(request.path) else: return redirect('users:token_list') @@ -289,6 +292,7 @@ class TokenEditView(LoginRequiredMixin, View): 'object': token, 'form': form, 'return_url': reverse('users:token_list'), + 'disable_addanother': not settings.ALLOW_TOKEN_RETRIEVAL }) @@ -322,3 +326,23 @@ class TokenDeleteView(LoginRequiredMixin, View): 'form': form, 'return_url': reverse('users:token_list'), }) + + +class TokenKeyView(LoginRequiredMixin, View): + + def get(self, request, pk): + token = get_object_or_404(Token.objects.filter(user=request.user), pk=pk) + + return render(request, 'users/api_token.html', { + 'object': token, + 'key': token.key, + 'return_url': reverse('users:token_list'), + }) + + def post(self, request, pk): + token = get_object_or_404(Token.objects.filter(user=request.user), pk=pk) + + if '_addanother' in request.POST: + return redirect('users:token_add') + else: + return redirect('users:token_list')