8853 Prevent the retrieval of API tokens after creation (#10645)

* 8853 hide api token * 8853 hide key on edit * 8853 add key display * 8853 cleanup html * 8853 make token view accessible only once on POST * Clean up display of tokens in views * Honor ALLOW_TOKEN_RETRIEVAL in API serializer * Add docs & tweak default setting * Include token key when provisioning with user credentials Co-authored-by: jeremystretch <jstretch@ns1.com>
2024-05-10 07:54:54 +00:00 · 2022-11-02 09:45:00 -07:00
parent 484efdaf75
commit 816fedb78d
12 changed files with 116 additions and 12 deletions
--- a/netbox/templates/users/api_token.html
+++ b/netbox/templates/users/api_token.html
@@ -0,0 +1,60 @@
+{% extends 'generic/object.html' %}
+{% load form_helpers %}
+{% load helpers %}
+{% load plugins %}
+
+{% block content %}
+  <div class="row">
+    <div class="col col-md-12">
+      {% if not settings.ALLOW_TOKEN_RETRIEVAL %}
+        <div class="alert alert-danger" role="alert">
+          <i class="mdi mdi-alert"></i> Tokens cannot be retrieved at a later time. You must <a href="#" class="copy-token" data-clipboard-target="#token_id" title="Copy to clipboard">copy the token value</a> below and store it securely.
+        </div>
+      {% endif %}
+      <div class="card">
+        <h5 class="card-header">Token</h5>
+        <div class="card-body">
+          <table class="table table-hover attr-table">
+            <tr>
+              <th scope="row">Key</th>
+              <td>
+                <div class="float-end">
+                  <a class="btn btn-sm btn-success copy-token" data-clipboard-target="#token_id" title="Copy to clipboard">
+                    <i class="mdi mdi-content-copy"></i>
+                  </a>
+                </div>
+                <div id="token_id">{{ key }}</div>
+              </td>
+            </tr>
+            <tr>
+              <th scope="row">Description</th>
+              <td>{{ object.description|placeholder }}</td>
+            </tr>
+            <tr>
+              <th scope="row">User</th>
+              <td>{{ object.user }}</td>
+            </tr>
+            <tr>
+              <th scope="row">Created</th>
+              <td>{{ object.created|annotated_date }}</td>
+            </tr>
+            <tr>
+              <th scope="row">Expires</th>
+              <td>
+                {% if object.expires %}
+                  {{ object.expires|annotated_date }}
+                {% else %}
+                  <span>Never</span>
+                {% endif %}
+              </td>
+            </tr>
+          </table>
+        </div>
+      </div>
+      <div class="col col-md-12 text-center">
+        <a href="{% url 'users:token_add' %}" class="btn btn-outline-primary">Add Another</a>
+        <a href="{{ return_url }}" class="btn btn-outline-danger">Cancel</a>
+      </div>
+    </div>
+  </div>
+{% endblock %}