1
0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00

8853 Prevent the retrieval of API tokens after creation (#10645)

* 8853 hide api token

* 8853 hide key on edit

* 8853 add key display

* 8853 cleanup html

* 8853 make token view accessible only once on POST

* Clean up display of tokens in views

* Honor ALLOW_TOKEN_RETRIEVAL in API serializer

* Add docs & tweak default setting

* Include token key when provisioning with user credentials

Co-authored-by: jeremystretch <jstretch@ns1.com>
This commit is contained in:
Arthur Hanson
2022-11-02 09:45:00 -07:00
committed by GitHub
parent 484efdaf75
commit 816fedb78d
12 changed files with 116 additions and 12 deletions

View File

@ -1,3 +1,4 @@
from django.conf import settings
from django.contrib.auth.models import Group, User
from django.contrib.contenttypes.models import ContentType
from rest_framework import serializers
@ -63,7 +64,13 @@ class GroupSerializer(ValidatedModelSerializer):
class TokenSerializer(ValidatedModelSerializer):
url = serializers.HyperlinkedIdentityField(view_name='users-api:token-detail')
key = serializers.CharField(min_length=40, max_length=40, allow_blank=True, required=False)
key = serializers.CharField(
min_length=40,
max_length=40,
allow_blank=True,
required=False,
write_only=not settings.ALLOW_TOKEN_RETRIEVAL
)
user = NestedUserSerializer()
allowed_ips = serializers.ListField(
child=IPNetworkSerializer(),