8853 hide api token

netbox/netbox/configuration_example.py

@@ -224,3 +224,7 @@ TIME_FORMAT = 'g:i a'
 SHORT_TIME_FORMAT = 'H:i:s'
 DATETIME_FORMAT = 'N j, Y g:i a'
 SHORT_DATETIME_FORMAT = 'Y-m-d H:i'
+
+# Allow API Tokens to be viewed after creation.  Before NetBox 3.4 the default was to allow viewing of the tokens
+# so this flag was created for backwards compatability.
+ALLOW_TOKEN_RETRIEVAL = False

netbox/netbox/settings.py

@@ -71,6 +71,7 @@ DEPLOYMENT_ID = hashlib.sha256(SECRET_KEY.encode('utf-8')).hexdigest()[:16]
 
 # Set static config parameters
 ADMINS = getattr(configuration, 'ADMINS', [])
+ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', False)
 AUTH_PASSWORD_VALIDATORS = getattr(configuration, 'AUTH_PASSWORD_VALIDATORS', [])
 BASE_PATH = getattr(configuration, 'BASE_PATH', '')
 if BASE_PATH:

netbox/users/tables.py

@@ -1,3 +1,4 @@
+from django.conf import settings
 from .models import Token
 from netbox.tables import NetBoxTable, columns
 
@@ -38,5 +39,11 @@ class TokenTable(NetBoxTable):
     class Meta(NetBoxTable.Meta):
         model = Token
         fields = (
-            'pk', 'key', 'write_enabled', 'created', 'expires', 'last_used', 'allowed_ips', 'description',
+            'pk', 'description', 'key', 'write_enabled', 'created', 'expires', 'last_used', 'allowed_ips',
         )
+
+    def render_key(self, value):
+        if settings.ALLOW_TOKEN_RETRIEVAL:
+            return value
+        else:
+            return "****************************************"