Skip to content

Closes #20210: Implement new version of API token #20477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: feature
Choose a base branch
from
Open

Closes #20210: Implement new version of API token #20477

wants to merge 16 commits into from
+1,016 −355

Conversation

jeremystretch
Copy link
Member

@jeremystretch jeremystretch commented Oct 2, 2025
edited
Loading

Closes: #20210

  • Extend the Token model
    • Rename key to plaintext (used only for v1 tokens)
    • Add an integer field version to denote v1/v2 tokens
    • Add key, pepper_id, and hmac_digest fields to store v2 token attributes
  • Introduce the API_TOKEN_PEPPERS configuration parameter
  • Extend TokenAuthentication to recognize both token versions and to validate v2 tokens
  • Introduce the get_current_pepper() utility function to retrieve the most recent pepper
  • Simplify the token.html template for the account view
  • Adapt all test suites to use v2 API tokens by default
  • Update the documentation

jeremystretch
jeremystretch commented Oct 3, 2025
View reviewed changes
netbox/netbox/tables/columns.py
return ''
# Skip dummy records (e.g. available VLANs or IP ranges replacing individual IPs)
if type(record) is not model or not getattr(record, 'pk', None):
if not isinstance(record, model) or not getattr(record, 'pk', None):
Copy link
Member Author

@jeremystretch jeremystretch Oct 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix this to work with proxy models as well as concrete. (Needed to support UserToken)

@jeremystretch jeremystretch marked this pull request as ready for review October 3, 2025 18:50
@jeremystretch jeremystretch requested review from a team and bctiemann and removed request for a team October 3, 2025 18:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bctiemann bctiemann Awaiting requested review from bctiemann bctiemann was automatically assigned from netbox-community/netbox-core-reviewers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jeremystretch