@pheus pheus commented Nov 21, 2025

Fixes: #20823

This PR adds model-level validation to prevent creating API tokens with an expiration date in the past, while still allowing updates to existing tokens (including already-expired ones).

Changes:

  • Updates Token.clean() to raise a ValidationError when creating a new token (pk is None) whose expires timestamp is already in the past.
  • Leaves updates to existing tokens unchanged so that expired tokens can still be modified as needed.
  • Adds tests in users/tests/test_models.py covering:
    • the Token.is_expired property for None, future, and past expiration times
    • creation of tokens with a past expiration date
    • updates to existing expired tokens

No database or API schema changes are introduced by this PR.

@jeremystretch jeremystretch requested review from a team and jnovinger and removed request for a team November 21, 2025 14:29
@pheus pheus force-pushed the 20823-prevent-token-creation-with-past-expiration-date branch from fb07bcd to 92ff05f Compare November 24, 2025 17:07
Add model-level validation to prevent creating tokens with a past
expiration date. Updates to existing tokens are still allowed, ensuring
flexibility for expired token modifications.
Includes test cases to verify this behavior.

Fixes netbox-community#20823
@pheus pheus force-pushed the 20823-prevent-token-creation-with-past-expiration-date branch from 92ff05f to 8e4b3f9 Compare November 24, 2025 18:40

pheus commented Nov 24, 2025

Thanks again for the detailed review and the pointers around timezones and i18n 🙏

I’ve updated the ValidationError to include both the current server time and the configured timezone, following the pattern from DateTimeColumn and using named placeholders so it’s translation‑friendly.

For local verification, I regenerated the English and German message catalogs and confirmed that the new string and the translators’ hint are picked up correctly. The entry looks like this in django.po:

#. Translators: {current_time} is the current server date and time in ISO format,
#. {timezone} is the configured server time zone (for example, "UTC" or "Europe/Berlin").
#: users/models/tokens.py:78
#, python-brace-format
msgid ""
"Expiration time must be in the future. Current server time is {current_time} "
"({timezone})."
msgstr "Das Ablaufdatum muss in der Zukunft liegen. Aktuelle Serverzeit ist {current_time} ({timezone})."

@pheus pheus requested a review from jnovinger November 24, 2025 18:56
@jnovinger jnovinger merged commit b919868 into netbox-community:main Nov 24, 2025
7 checks passed
@pheus pheus deleted the 20823-prevent-token-creation-with-past-expiration-date branch November 24, 2025 21:16
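
The creation-only check described in this PR, as an added sketch that is not NetBox's code and not part of the pull request. It is a plain-Python stand-in that needs no Django; the simplified `Token` dataclass, the local `ValidationError` class, the `now` parameter, the naive-datetime guard and the `check` helper are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


class ValidationError(Exception):
    """Stand-in for django.core.exceptions.ValidationError (assumption)."""


@dataclass
class Token:
    """Hypothetical, simplified model; not the NetBox Token class."""
    expires: Optional[datetime] = None
    pk: Optional[int] = None  # None until the row has been saved

    def is_expired(self, now: Optional[datetime] = None) -> bool:
        now = now or datetime.now(timezone.utc)
        return self.expires is not None and self.expires <= now

    def clean(self, now: Optional[datetime] = None) -> None:
        now = now or datetime.now(timezone.utc)
        if self.expires is not None and self.expires.tzinfo is None:
            # Naive vs. aware comparison raises TypeError, so reject it early.
            raise ValidationError("Expiration time must be timezone-aware.")
        # Only new tokens are checked, so an expired token can still be edited.
        if self.pk is None and self.is_expired(now):
            raise ValidationError(
                "Expiration time must be in the future. Current server time is "
                "{current_time} ({timezone}).".format(
                    current_time=now.isoformat(timespec="seconds"),
                    timezone=now.tzname(),
                )
            )


def check(token: Token, now: datetime) -> str:
    """Return 'ok' or the validation message for the given token."""
    try:
        token.clean(now)
        return "ok"
    except ValidationError as exc:
        return str(exc)


# Constructed sample values
NOW = datetime(2025, 11, 24, 18, 0, tzinfo=timezone.utc)
PAST = NOW - timedelta(days=1)
FUTURE = NOW + timedelta(hours=1)
NAIVE = datetime(2025, 1, 1)  # no tzinfo
```

Calling `check(Token(expires=PAST), NOW)` returns the rejection message, while the same expiry on a token with `pk=7` passes, which is the create-versus-update split the PR describes.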
Successfully merging this pull request may close these issues.

Prevent Creation Of API Token With Expiration In Past
