8853 Prevent the retrieval of API tokens after creation (#10645)

* 8853 hide api token * 8853 hide key on edit * 8853 add key display * 8853 cleanup html * 8853 make token view accessible only once on POST * Clean up display of tokens in views * Honor ALLOW_TOKEN_RETRIEVAL in API serializer * Add docs & tweak default setting * Include token key when provisioning with user credentials Co-authored-by: jeremystretch <jstretch@ns1.com>
2024-05-10 07:54:54 +00:00 · 2022-11-02 09:45:00 -07:00
parent 484efdaf75
commit 816fedb78d
12 changed files with 116 additions and 12 deletions
--- a/netbox/users/api/views.py
+++ b/netbox/users/api/views.py
@ -88,6 +88,8 @@ class TokenProvisionView(APIView):
        token = Token(user=user)
        token.save()
        data = serializers.TokenSerializer(token, context={'request': request}).data
+        # Manually append the token key, which is normally write-only
+        data['key'] = token.key

        return Response(data, status=HTTP_201_CREATED)