starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-13 22:03:32 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

[PR #20477] [MERGED] Closes #20210: Implement new version of API token #15937

New Issue
Closed
opened 2025-12-30 00:24:54 +01:00 by adam · 0 comments
adam commented 2025-12-30 00:24:54 +01:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/netbox-community/netbox/pull/20477
Author: @jeremystretch
Created: 10/2/2025
Status: Merged
Merged: 10/7/2025
Merged by: @bctiemann

Base: featureHead: 20210-new-token-auth

📝 Commits (10+)

  • 1ee23ba Initial work on #20210
  • 5dc48f3 Enforce a fixed key length for v2 tokens
  • 11099b0 Rename pepper field to pepper_id for clarity
  • 43fc7fb Add constraints to enforce v1/v2-dependent fields
  • f82f084 Misc cleanup
  • adce67a Standardize on the use of v2 tokens in tests
  • f6290dd Toggle plaintext display for v1 tokens
  • d69042f Clean up token tables
  • a54c508 Misc cleanup
  • ac335c3 Clean up filterset tests

📊 Changes

32 files changed (+1017 additions, -360 deletions)

View changed files

📝 contrib/openapi.json (+199 -73)
📝 docs/configuration/required-parameters.md (+25 -0)
📝 docs/features/api-integration.md (+1 -1)
📝 docs/installation/3-netbox.md (+17 -0)
📝 docs/integrations/rest-api.md (+21 -8)
netbox/account/tables.py (+0 -57)
📝 netbox/account/views.py (+4 -4)
📝 netbox/core/tests/test_api.py (+2 -1)
📝 netbox/netbox/api/authentication.py (+85 -31)
📝 netbox/netbox/configuration_example.py (+10 -0)
📝 netbox/netbox/configuration_testing.py (+4 -0)
📝 netbox/netbox/settings.py (+8 -0)
📝 netbox/netbox/tables/columns.py (+1 -1)
📝 netbox/netbox/tests/test_authentication.py (+123 -30)
📝 netbox/templates/account/token.html (+4 -58)
📝 netbox/templates/users/token.html (+24 -2)
📝 netbox/users/api/serializers_/tokens.py (+11 -17)
netbox/users/choices.py (+17 -0)
📝 netbox/users/constants.py (+8 -0)
📝 netbox/users/filtersets.py (+13 -1)

...and 12 more files

📄 Description

Closes: #20210

  • Extend the Token model
    • Rename key to plaintext (used only for v1 tokens)
    • Add an integer field version to denote v1/v2 tokens
    • Add key, pepper_id, and hmac_digest fields to store v2 token attributes
  • Introduce the API_TOKEN_PEPPERS configuration parameter
  • Extend TokenAuthentication to recognize both token versions and to validate v2 tokens
  • Introduce the get_current_pepper() utility function to retrieve the most recent pepper
  • Simplify the token.html template for the account view
  • Adapt all test suites to use v2 API tokens by default
  • Update the documentation

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/netbox-community/netbox/pull/20477 **Author:** [@jeremystretch](https://github.com/jeremystretch) **Created:** 10/2/2025 **Status:** ✅ Merged **Merged:** 10/7/2025 **Merged by:** [@bctiemann](https://github.com/bctiemann) **Base:** `feature` ← **Head:** `20210-new-token-auth` --- ### 📝 Commits (10+) - [`1ee23ba`](https://github.com/netbox-community/netbox/commit/1ee23ba6fa206668186baf8a0e3d2c140f85b333) Initial work on #20210 - [`5dc48f3`](https://github.com/netbox-community/netbox/commit/5dc48f3a8895f7c1e5a359d0075bd309e89dd248) Enforce a fixed key length for v2 tokens - [`11099b0`](https://github.com/netbox-community/netbox/commit/11099b01bb3ba4ed80736afac6fab62c5ca31cf7) Rename pepper field to pepper_id for clarity - [`43fc7fb`](https://github.com/netbox-community/netbox/commit/43fc7fb58aebe7f23252c64114d8dd02572056a0) Add constraints to enforce v1/v2-dependent fields - [`f82f084`](https://github.com/netbox-community/netbox/commit/f82f084c02f0d1b2aafc6650b7174dbc541686aa) Misc cleanup - [`adce67a`](https://github.com/netbox-community/netbox/commit/adce67a7cfc47e7851a63ce8567b96401cc36f99) Standardize on the use of v2 tokens in tests - [`f6290dd`](https://github.com/netbox-community/netbox/commit/f6290dd7af2c1879e7b0560ff485ad1194c3a3d2) Toggle plaintext display for v1 tokens - [`d69042f`](https://github.com/netbox-community/netbox/commit/d69042f26e31bcc6832aac2e6090f1b2e2cc0090) Clean up token tables - [`a54c508`](https://github.com/netbox-community/netbox/commit/a54c508da29c5532b3cf4299eee9746f9e987114) Misc cleanup - [`ac335c3`](https://github.com/netbox-community/netbox/commit/ac335c3d879f33a7197edefb63930667919350f5) Clean up filterset tests ### 📊 Changes **32 files changed** (+1017 additions, -360 deletions) <details> <summary>View changed files</summary> 📝 `contrib/openapi.json` (+199 -73) 📝 `docs/configuration/required-parameters.md` (+25 -0) 📝 `docs/features/api-integration.md` (+1 -1) 📝 `docs/installation/3-netbox.md` (+17 -0) 📝 `docs/integrations/rest-api.md` (+21 -8) ➖ `netbox/account/tables.py` (+0 -57) 📝 `netbox/account/views.py` (+4 -4) 📝 `netbox/core/tests/test_api.py` (+2 -1) 📝 `netbox/netbox/api/authentication.py` (+85 -31) 📝 `netbox/netbox/configuration_example.py` (+10 -0) 📝 `netbox/netbox/configuration_testing.py` (+4 -0) 📝 `netbox/netbox/settings.py` (+8 -0) 📝 `netbox/netbox/tables/columns.py` (+1 -1) 📝 `netbox/netbox/tests/test_authentication.py` (+123 -30) 📝 `netbox/templates/account/token.html` (+4 -58) 📝 `netbox/templates/users/token.html` (+24 -2) 📝 `netbox/users/api/serializers_/tokens.py` (+11 -17) ➕ `netbox/users/choices.py` (+17 -0) 📝 `netbox/users/constants.py` (+8 -0) 📝 `netbox/users/filtersets.py` (+13 -1) _...and 12 more files_ </details> ### 📄 Description ### Closes: #20210 - Extend the Token model - Rename `key` to `plaintext` (used only for v1 tokens) - Add an integer field `version` to denote v1/v2 tokens - Add `key`, `pepper_id`, and `hmac_digest` fields to store v2 token attributes - Introduce the `API_TOKEN_PEPPERS` configuration parameter - Extend `TokenAuthentication` to recognize both token versions and to validate v2 tokens - Introduce the `get_current_pepper()` utility function to retrieve the most recent pepper - Simplify the `token.html` template for the account view - Adapt all test suites to use v2 API tokens by default - Update the documentation --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
adam added the pull-request label 2025-12-30 00:24:54 +01:00
adam closed this issue 2025-12-30 00:24:54 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#15937
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?