Update source translation strings

Fixes #21178: Add spacing in mounting depth format string

.github/ISSUE_TEMPLATE/06-deprecation.yaml

@@ -1,20 +1,26 @@
 ---
-name: 🗑️ Deprecation
+name: ⚠️ Deprecation
 type: Deprecation
-description: The removal of an existing feature or resource
+description: Designation of a feature or behavior that will be removed in a future release
 labels: ["netbox", "type: deprecation"]
 body:
   - type: textarea
     attributes:
-      label: Proposed Changes
+      label: Deprecated Functionality
       description: >
-        Describe in detail the proposed changes. What is being removed?
+        Describe the feature(s) and/or behavior that is being flagged for deprecation.
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Scheduled removal
+      description: In what future release will the deprecated functionality be removed?
     validations:
       required: true
   - type: textarea
     attributes:
       label: Justification
-      description: Please provide justification for the proposed change(s).
+      description: Please provide justification for the deprecation.
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/07-feature_removal.yaml

@@ -0,0 +1,20 @@
+---
+name: 🗑️ Feature Removal
+type: Removal
+description: The removal of a deprecated feature or resource
+labels: ["netbox", "type: removal"]
+body:
+  - type: input
+    attributes:
+      label: Deprecation Issue
+      description: Specify the issue in which this deprecation was announced.
+      placeholder: "#1234"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Summary of Changes
+      description: >
+        List all changes necessary to remove the deprecated feature or resource.
+    validations:
+      required: true

.github/workflows/codeql.yml

@@ -30,13 +30,13 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
         config-file: .github/codeql/codeql-config.yml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"

docs/features/change-logging.md

@@ -10,9 +10,11 @@ Change records are exposed in the API via the read-only endpoint `/api/extras/ob
 
 ## User Messages
 
-!!! info "This feature was introduced in NetBox v4.4."
+When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message (up to 200 characters) that will appear in the change record. This can be helpful to capture additional context, such as the reason for a change or a reference to an external ticket.
 
-When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message that will appear in the change record. This can be helpful to capture additional context, such as the reason for the change.
+When editing an object via the web UI, the "Changelog message" field appears at the bottom of the form. This field is optional. The changelog message field is available in object create forms, object edit forms, delete confirmation dialogs, and bulk operations.
+
+For information on including changelog messages when making changes via the REST API, see [Changelog Messages](../integrations/rest-api.md#changelog-messages).
 
 ## Correlating Changes by Request
 

docs/integrations/rest-api.md

@@ -610,9 +610,7 @@ http://netbox/api/dcim/sites/ \
 
 ## Changelog Messages
 
-!!! info "This feature was introduced in NetBox v4.4."
+Most objects in NetBox support [change logging](../features/change-logging.md), which generates a detailed record each time an object is created, modified, or deleted. Additionally, users can attach a message to the change record as well. This is accomplished via the REST API by including a `changelog_message` field in the object representation.
-
-Most objects in NetBox support [change logging](../features/change-logging.md), which generates a detailed record each time an object is created, modified, or deleted. Beginning in NetBox v4.4, users can attach a message to the change record as well. This is accomplished via the REST API by including a `changelog_message` field in the object representation.
 
 For example, the following API request will create a new site and record a message in the resulting changelog entry:
 
@@ -628,7 +626,7 @@ http://netbox/api/dcim/sites/ \
 }'
 ```
 
-This approach works when creating, modifying, or deleting objects, either individually or in bulk.
+This approach works when creating, modifying, or deleting objects, either individually or in bulk. For more information about change logging, see [Change Logging](../features/change-logging.md).
 
 ## Uploading Files
 

netbox/core/api/serializers_/data.py

@@ -44,3 +44,4 @@ class DataFileSerializer(NetBoxModelSerializer):
             'id', 'url', 'display_url', 'display', 'source', 'path', 'last_updated', 'size', 'hash',
         ]
         brief_fields = ('id', 'url', 'display', 'path')
+        read_only_fields = ['path', 'last_updated', 'size', 'hash']

netbox/core/models/data.py

@@ -12,7 +12,7 @@ from django.core.validators import RegexValidator
 from django.db import models
 from django.urls import reverse
 from django.utils import timezone
-from django.utils.translation import gettext as _
+from django.utils.translation import gettext_lazy as _
 
 from netbox.constants import CENSOR_TOKEN, CENSOR_TOKEN_CHANGED
 from netbox.models import PrimaryModel
@@ -128,7 +128,9 @@ class DataSource(JobsMixin, PrimaryModel):
         # Ensure URL scheme matches selected type
         if self.backend_class.is_local and self.url_scheme not in ('file', ''):
             raise ValidationError({
-                'source_url': "URLs for local sources must start with file:// (or specify no scheme)"
+                'source_url': _("URLs for local sources must start with {scheme} (or specify no scheme)").format(
+                    scheme='file://'
+                )
             })
 
     def save(self, *args, **kwargs):

netbox/dcim/graphql/filter_mixins.py

@@ -38,6 +38,15 @@ class ScopedFilterMixin:
 
 @dataclass
 class ComponentModelFilterMixin:
+    _site: Annotated['SiteFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
+        strawberry_django.filter_field(name='site')
+    )
+    _location: Annotated['LocationFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
+        strawberry_django.filter_field(name='location')
+    )
+    _rack: Annotated['RackFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
+        strawberry_django.filter_field(name='rack')
+    )
     device: Annotated['DeviceFilter', strawberry.lazy('dcim.graphql.filters')] | None = strawberry_django.filter_field()
     device_id: ID | None = strawberry_django.filter_field()
     name: FilterLookup[str] | None = strawberry_django.filter_field()

netbox/dcim/signals.py

@@ -211,12 +211,16 @@ def sync_cached_scope_fields(instance, created, **kwargs):
     for model in (Prefix, Cluster, WirelessLAN):
         qs = model.objects.filter(**filters)
 
+        # Bulk update cached fields to avoid O(N) performance issues with large datasets.
+        # This does not trigger post_save signals, avoiding spurious change log entries.
+        objects_to_update = []
         for obj in qs:
             # Recompute cache using the same logic as save()
             obj.cache_related_objects()
-            obj.save(update_fields=[
+            objects_to_update.append(obj)
-                '_location',
+
-                '_site',
+        if objects_to_update:
-                '_site_group',
+            model.objects.bulk_update(
-                '_region',
+                objects_to_update,
-            ])
+                ['_location', '_site', '_site_group', '_region']
+            )

netbox/extras/api/serializers_/configcontexts.py

@@ -28,7 +28,7 @@ class ConfigContextProfileSerializer(PrimaryModelSerializer):
     )
     data_file = DataFileSerializer(
         nested=True,
-        read_only=True
+        required=False
     )
 
     class Meta:
@@ -143,7 +143,7 @@ class ConfigContextSerializer(OwnerMixin, ChangeLogMessageSerializer, ValidatedM
     )
     data_file = DataFileSerializer(
         nested=True,
-        read_only=True
+        required=False
     )
 
     class Meta:

netbox/extras/tests/test_api.py

@@ -1,4 +1,5 @@
 import datetime
+import hashlib
 
 from django.contrib.contenttypes.models import ContentType
 from django.urls import reverse
@@ -7,7 +8,7 @@ from rest_framework import status
 
 from core.choices import ManagedFileRootPathChoices
 from core.events import *
-from core.models import ObjectType
+from core.models import DataFile, DataSource, ObjectType
 from dcim.models import Device, DeviceRole, DeviceType, Manufacturer, Rack, Location, RackRole, Site
 from extras.choices import *
 from extras.models import *
@@ -731,6 +732,51 @@ class ConfigContextProfileTest(APIViewTestCases.APIViewTestCase):
         )
         ConfigContextProfile.objects.bulk_create(profiles)
 
+    def test_update_data_source_and_data_file(self):
+        """
+        Regression test: Ensure data_source and data_file can be assigned via the API.
+
+        This specifically covers PATCHing a ConfigContext with integer IDs for both fields.
+        """
+        self.add_permissions(
+            'core.view_datafile',
+            'core.view_datasource',
+            'extras.view_configcontextprofile',
+            'extras.change_configcontextprofile',
+        )
+        config_context_profile = ConfigContextProfile.objects.first()
+
+        # Create a data source and file
+        datasource = DataSource.objects.create(
+            name='Data Source 1',
+            type='local',
+            source_url='file:///tmp/netbox-datasource/',
+        )
+        # Generate a valid dummy YAML file
+        file_data = b'profile: configcontext\n'
+        datafile = DataFile.objects.create(
+            source=datasource,
+            path='dir1/file1.yml',
+            last_updated=now(),
+            size=len(file_data),
+            hash=hashlib.sha256(file_data).hexdigest(),
+            data=file_data,
+        )
+
+        url = self._get_detail_url(config_context_profile)
+        payload = {
+            'data_source': datasource.pk,
+            'data_file': datafile.pk,
+        }
+        response = self.client.patch(url, payload, format='json', **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+
+        config_context_profile.refresh_from_db()
+        self.assertEqual(config_context_profile.data_source_id, datasource.pk)
+        self.assertEqual(config_context_profile.data_file_id, datafile.pk)
+        self.assertEqual(response.data['data_source']['id'], datasource.pk)
+        self.assertEqual(response.data['data_file']['id'], datafile.pk)
+
 
 class ConfigContextTest(APIViewTestCases.APIViewTestCase):
     model = ConfigContext
@@ -812,6 +858,51 @@ class ConfigContextTest(APIViewTestCases.APIViewTestCase):
         rendered_context = device.get_config_context()
         self.assertEqual(rendered_context['bar'], 456)
 
+    def test_update_data_source_and_data_file(self):
+        """
+        Regression test: Ensure data_source and data_file can be assigned via the API.
+
+        This specifically covers PATCHing a ConfigContext with integer IDs for both fields.
+        """
+        self.add_permissions(
+            'core.view_datafile',
+            'core.view_datasource',
+            'extras.view_configcontext',
+            'extras.change_configcontext',
+        )
+        config_context = ConfigContext.objects.first()
+
+        # Create a data source and file
+        datasource = DataSource.objects.create(
+            name='Data Source 1',
+            type='local',
+            source_url='file:///tmp/netbox-datasource/',
+        )
+        # Generate a valid dummy YAML file
+        file_data = b'context: config\n'
+        datafile = DataFile.objects.create(
+            source=datasource,
+            path='dir1/file1.yml',
+            last_updated=now(),
+            size=len(file_data),
+            hash=hashlib.sha256(file_data).hexdigest(),
+            data=file_data,
+        )
+
+        url = self._get_detail_url(config_context)
+        payload = {
+            'data_source': datasource.pk,
+            'data_file': datafile.pk,
+        }
+        response = self.client.patch(url, payload, format='json', **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+
+        config_context.refresh_from_db()
+        self.assertEqual(config_context.data_source_id, datasource.pk)
+        self.assertEqual(config_context.data_file_id, datafile.pk)
+        self.assertEqual(response.data['data_source']['id'], datasource.pk)
+        self.assertEqual(response.data['data_file']['id'], datafile.pk)
+
 
 class ConfigTemplateTest(APIViewTestCases.APIViewTestCase):
     model = ConfigTemplate

netbox/ipam/forms/model_forms.py

@@ -372,8 +372,8 @@ class IPAddressForm(TenancyForm, PrimaryModelForm):
                     'virtual_machine_id': instance.assigned_object.virtual_machine.pk,
                 })
 
-        # Disable object assignment fields if the IP address is designated as primary
+        # Disable object assignment fields if the IP address is designated as primary or OOB
-        if self.initial.get('primary_for_parent'):
+        if self.initial.get('primary_for_parent') or self.initial.get('oob_for_parent'):
             self.fields['interface'].disabled = True
             self.fields['vminterface'].disabled = True
             self.fields['fhrpgroup'].disabled = True

netbox/ipam/models/ip.py

@@ -940,6 +940,13 @@ class IPAddress(ContactsMixin, PrimaryModel):
                     _("Cannot reassign IP address while it is designated as the primary IP for the parent object")
                 )
 
+            # can't use is_oob_ip as self.assigned_object might be changed
+            if hasattr(original_parent, 'oob_ip') and original_parent.oob_ip_id == self.pk:
+                if parent != original_parent:
+                    raise ValidationError(
+                        _("Cannot reassign IP address while it is designated as the OOB IP for the parent object")
+                    )
+
         # Validate IP status selection
         if self.status == IPAddressStatusChoices.STATUS_SLAAC and self.family != 6:
             raise ValidationError({

netbox/netbox/graphql/filters.py

@@ -3,7 +3,7 @@ from typing import TYPE_CHECKING
 
 import strawberry_django
 from strawberry import ID
-from strawberry_django import FilterLookup
+from strawberry_django import ComparisonFilterLookup, FilterLookup
 
 from core.graphql.filter_mixins import ChangeLoggingMixin
 from extras.graphql.filter_mixins import CustomFieldsFilterMixin, JournalEntriesFilterMixin, TagsFilterMixin
@@ -23,7 +23,7 @@ __all__ = (
 
 @dataclass
 class BaseModelFilter:
-    id: FilterLookup[ID] | None = strawberry_django.filter_field()
+    id: ComparisonFilterLookup[ID] | None = strawberry_django.filter_field()
 
 
 class ChangeLoggedModelFilter(ChangeLoggingMixin, BaseModelFilter):

netbox/netbox/plugins/navigation.py

@@ -37,8 +37,6 @@ class PluginMenuItem:
     Alternatively, a pre-generated url can be set on the object which will be rendered literally.
     Buttons are each specified as a list of PluginMenuButton instances.
     """
-    permissions = []
-    buttons = []
     _url = None
 
     def __init__(
@@ -54,10 +52,14 @@ class PluginMenuItem:
             if type(permissions) not in (list, tuple):
                 raise TypeError(_("Permissions must be passed as a tuple or list."))
             self.permissions = permissions
+        else:
+            self.permissions = []
         if buttons is not None:
             if type(buttons) not in (list, tuple):
                 raise TypeError(_("Buttons must be passed as a tuple or list."))
             self.buttons = buttons
+        else:
+            self.buttons = []
 
     @property
     def url(self):
@@ -74,7 +76,6 @@ class PluginMenuButton:
     ButtonColorChoices.
     """
     color = ButtonColorChoices.DEFAULT
-    permissions = []
     _url = None
 
     def __init__(self, link, title, icon_class, color=None, permissions=None):
@@ -87,6 +88,8 @@ class PluginMenuButton:
             if type(permissions) not in (list, tuple):
                 raise TypeError(_("Permissions must be passed as a tuple or list."))
             self.permissions = permissions
+        else:
+            self.permissions = []
         if color is not None:
             if color not in ButtonColorChoices.values():
                 raise ValueError(_("Button color must be a choice within ButtonColorChoices."))

netbox/netbox/tests/test_plugins.py

@@ -11,7 +11,7 @@ from netbox.tests.dummy_plugin import config as dummy_config
 from netbox.tests.dummy_plugin.data_backends import DummyBackend
 from netbox.tests.dummy_plugin.jobs import DummySystemJob
 from netbox.tests.dummy_plugin.webhook_callbacks import set_context
-from netbox.plugins.navigation import PluginMenu
+from netbox.plugins.navigation import PluginMenu, PluginMenuItem, PluginMenuButton
 from netbox.plugins.utils import get_plugin_config
 from netbox.graphql.schema import Query
 from netbox.registry import registry
@@ -227,3 +227,46 @@ class PluginTest(TestCase):
         Test the registration of webhook callbacks.
         """
         self.assertIn(set_context, registry['webhook_callbacks'])
+
+
+class PluginNavigationTest(TestCase):
+
+    def test_plugin_menu_item_independent_permissions(self):
+        item1 = PluginMenuItem(link='test1', link_text='Test 1')
+        item1.permissions.append('leaked_permission')
+
+        item2 = PluginMenuItem(link='test2', link_text='Test 2')
+
+        self.assertIsNot(item1.permissions, item2.permissions)
+        self.assertEqual(item1.permissions, ['leaked_permission'])
+        self.assertEqual(item2.permissions, [])
+
+    def test_plugin_menu_item_independent_buttons(self):
+        item1 = PluginMenuItem(link='test1', link_text='Test 1')
+        button = PluginMenuButton(link='button1', title='Button 1', icon_class='mdi-test')
+        item1.buttons.append(button)
+
+        item2 = PluginMenuItem(link='test2', link_text='Test 2')
+
+        self.assertIsNot(item1.buttons, item2.buttons)
+        self.assertEqual(len(item1.buttons), 1)
+        self.assertEqual(item1.buttons[0], button)
+        self.assertEqual(item2.buttons, [])
+
+    def test_plugin_menu_button_independent_permissions(self):
+        button1 = PluginMenuButton(link='button1', title='Button 1', icon_class='mdi-test')
+        button1.permissions.append('leaked_permission')
+
+        button2 = PluginMenuButton(link='button2', title='Button 2', icon_class='mdi-test')
+
+        self.assertIsNot(button1.permissions, button2.permissions)
+        self.assertEqual(button1.permissions, ['leaked_permission'])
+        self.assertEqual(button2.permissions, [])
+
+    def test_explicit_permissions_remain_independent(self):
+        item1 = PluginMenuItem(link='test1', link_text='Test 1', permissions=['explicit_permission'])
+        item2 = PluginMenuItem(link='test2', link_text='Test 2', permissions=['different_permission'])
+
+        self.assertIsNot(item1.permissions, item2.permissions)
+        self.assertEqual(item1.permissions, ['explicit_permission'])
+        self.assertEqual(item2.permissions, ['different_permission'])

netbox/translations/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-01-08 05:04+0000\n"
+"POT-Creation-Date: 2026-01-16 05:04+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1822,7 +1822,6 @@ msgid "ASN Count"
 msgstr ""
 
 #: netbox/circuits/tables/virtual_circuits.py:64
-#: netbox/netbox/navigation/menu.py:235
 #: netbox/templates/circuits/virtualcircuit.html:87
 #: netbox/templates/vpn/l2vpn.html:60 netbox/templates/vpn/tunnel.html:72
 #: netbox/vpn/tables/tunnels.py:59
@@ -2436,7 +2435,7 @@ msgstr ""
 msgid "Change logging is not supported for this object type ({type})."
 msgstr ""
 
-#: netbox/core/models/config.py:21 netbox/core/models/data.py:282
+#: netbox/core/models/config.py:21 netbox/core/models/data.py:284
 #: netbox/core/models/files.py:29 netbox/core/models/jobs.py:60
 #: netbox/extras/models/models.py:847 netbox/extras/models/notifications.py:39
 #: netbox/extras/models/notifications.py:195
@@ -2542,58 +2541,63 @@ msgstr ""
 msgid "Unknown backend type: {type}"
 msgstr ""
 
-#: netbox/core/models/data.py:180
+#: netbox/core/models/data.py:131
+#, python-brace-format
+msgid "URLs for local sources must start with {scheme} (or specify no scheme)"
+msgstr ""
+
+#: netbox/core/models/data.py:182
 msgid "Cannot initiate sync; syncing already in progress."
 msgstr ""
 
-#: netbox/core/models/data.py:193
+#: netbox/core/models/data.py:195
 msgid ""
 "There was an error initializing the backend. A dependency needs to be "
 "installed: "
 msgstr ""
 
-#: netbox/core/models/data.py:286 netbox/core/models/files.py:33
+#: netbox/core/models/data.py:288 netbox/core/models/files.py:33
 #: netbox/netbox/models/features.py:67
 msgid "last updated"
 msgstr ""
 
-#: netbox/core/models/data.py:296 netbox/dcim/models/cables.py:622
+#: netbox/core/models/data.py:298 netbox/dcim/models/cables.py:622
 msgid "path"
 msgstr ""
 
-#: netbox/core/models/data.py:299
+#: netbox/core/models/data.py:301
 msgid "File path relative to the data source's root"
 msgstr ""
 
-#: netbox/core/models/data.py:303 netbox/ipam/models/ip.py:507
+#: netbox/core/models/data.py:305 netbox/ipam/models/ip.py:507
 msgid "size"
 msgstr ""
 
-#: netbox/core/models/data.py:306
+#: netbox/core/models/data.py:308
 msgid "hash"
 msgstr ""
 
-#: netbox/core/models/data.py:310
+#: netbox/core/models/data.py:312
 msgid "Length must be 64 hexadecimal characters."
 msgstr ""
 
-#: netbox/core/models/data.py:312
+#: netbox/core/models/data.py:314
 msgid "SHA256 hash of the file data"
 msgstr ""
 
-#: netbox/core/models/data.py:326
+#: netbox/core/models/data.py:328
 msgid "data file"
 msgstr ""
 
-#: netbox/core/models/data.py:327
+#: netbox/core/models/data.py:329
 msgid "data files"
 msgstr ""
 
-#: netbox/core/models/data.py:400
+#: netbox/core/models/data.py:402
 msgid "auto sync record"
 msgstr ""
 
-#: netbox/core/models/data.py:401
+#: netbox/core/models/data.py:403
 msgid "auto sync records"
 msgstr ""
 
@@ -11241,7 +11245,13 @@ msgid ""
 "parent object"
 msgstr ""
 
-#: netbox/ipam/models/ip.py:946
+#: netbox/ipam/models/ip.py:947
+msgid ""
+"Cannot reassign IP address while it is designated as the OOB IP for the "
+"parent object"
+msgstr ""
+
+#: netbox/ipam/models/ip.py:953
 msgid "Only IPv6 addresses can be assigned SLAAC status"
 msgstr ""
 
@@ -12190,6 +12200,10 @@ msgstr ""
 msgid "L2VPNs"
 msgstr ""
 
+#: netbox/netbox/navigation/menu.py:235
+msgid "L2VPN Terminations"
+msgstr ""
+
 #: netbox/netbox/navigation/menu.py:241
 msgid "IKE Proposals"
 msgstr ""
@@ -12486,8 +12500,8 @@ msgstr ""
 msgid "Delete Selected"
 msgstr ""
 
-#: netbox/netbox/plugins/navigation.py:55
+#: netbox/netbox/plugins/navigation.py:53
-#: netbox/netbox/plugins/navigation.py:88
+#: netbox/netbox/plugins/navigation.py:89
 msgid "Permissions must be passed as a tuple or list."
 msgstr ""
 
@@ -12495,7 +12509,7 @@ msgstr ""
 msgid "Buttons must be passed as a tuple or list."
 msgstr ""
 
-#: netbox/netbox/plugins/navigation.py:92
+#: netbox/netbox/plugins/navigation.py:95
 msgid "Button color must be a choice within ButtonColorChoices."
 msgstr ""
 
@@ -15938,7 +15952,7 @@ msgstr ""
 #: netbox/users/forms/model_forms.py:126
 msgid ""
 "Tokens must be at least 40 characters in length. <strong>Be sure to record "
-"your key</strong> prior to submitting this form, as it will no longer be "
+"your token</strong> prior to submitting this form, as it will no longer be "
 "accessible once the token has been created."
 msgstr ""
 
@@ -16077,7 +16091,7 @@ msgid "write enabled"
 msgstr ""
 
 #: netbox/users/models/tokens.py:72
-msgid "Permit create/update/delete operations using this key"
+msgid "Permit create/update/delete operations using this token"
 msgstr ""
 
 #: netbox/users/models/tokens.py:76
@@ -16126,12 +16140,16 @@ msgstr ""
 msgid "tokens"
 msgstr ""
 
-#: netbox/users/models/tokens.py:219
+#: netbox/users/models/tokens.py:217
+msgid "Unable to save v2 tokens: API_TOKEN_PEPPERS is not defined."
+msgstr ""
+
+#: netbox/users/models/tokens.py:222
 #, python-brace-format
 msgid "Invalid pepper ID: {id}. Check configured API_TOKEN_PEPPERS."
 msgstr ""
 
-#: netbox/users/models/tokens.py:232
+#: netbox/users/models/tokens.py:235
 #, python-brace-format
 msgid ""
 "Expiration time must be in the future. Current server time is {current_time} "

netbox/users/forms/model_forms.py

@@ -123,7 +123,7 @@ class UserTokenForm(forms.ModelForm):
     token = forms.CharField(
         label=_('Token'),
         help_text=_(
-            'Tokens must be at least 40 characters in length. <strong>Be sure to record your key</strong> prior to '
+            'Tokens must be at least 40 characters in length. <strong>Be sure to record your token</strong> prior to '
             'submitting this form, as it will no longer be accessible once the token has been created.'
         ),
         widget=forms.TextInput(

netbox/users/models/tokens.py

@@ -69,7 +69,7 @@ class Token(models.Model):
     write_enabled = models.BooleanField(
         verbose_name=_('write enabled'),
         default=True,
-        help_text=_('Permit create/update/delete operations using this key')
+        help_text=_('Permit create/update/delete operations using this token')
     )
     # For legacy v1 tokens, this field stores the plaintext 40-char token value. Not used for v2.
     plaintext = models.CharField(
@@ -213,6 +213,9 @@ class Token(models.Model):
     def clean(self):
         super().clean()
 
+        if self.version == TokenVersionChoices.V2 and not settings.API_TOKEN_PEPPERS:
+            raise ValidationError(_("Unable to save v2 tokens: API_TOKEN_PEPPERS is not defined."))
+
         if self._state.adding:
             if self.pepper_id is not None and self.pepper_id not in settings.API_TOKEN_PEPPERS:
                 raise ValidationError(_(

netbox/users/tests/test_models.py

@@ -1,9 +1,10 @@
 from datetime import timedelta
 
 from django.core.exceptions import ValidationError
-from django.test import TestCase
+from django.test import TestCase, override_settings
 from django.utils import timezone
 
+from users.choices import TokenVersionChoices
 from users.models import User, Token
 from utilities.testing import create_test_user
 
@@ -94,6 +95,15 @@ class TokenTest(TestCase):
         token.refresh_from_db()
         self.assertEqual(token.description, 'New Description')
 
+    @override_settings(API_TOKEN_PEPPERS={})
+    def test_v2_without_peppers_configured(self):
+        """
+        Attempting to save a v2 token without API_TOKEN_PEPPERS defined should raise a ValidationError.
+        """
+        token = Token(version=TokenVersionChoices.V2)
+        with self.assertRaises(ValidationError):
+            token.clean()
+
 
 class UserConfigTest(TestCase):