Closes #18751: Set the default value of `ALLOW_TOKEN_RETRIEVAL` to False (#18943)

* Closes #18751: Set the default value of ALLOW_TOKEN_RETRIEVAL to False

* Enable token retrieval during testing

docs/configuration/security.md

@@ -2,7 +2,10 @@
 
 ## ALLOW_TOKEN_RETRIEVAL
 
-Default: True
+Default: False
+
+!!! note
+    The default value of this parameter changed from true to false in NetBox v4.3.0.
 
 If disabled, the values of API tokens will not be displayed after each token's initial creation. A user **must** record the value of a token prior to its creation, or it will be lost. Note that this affects _all_ users, regardless of assigned permissions.
 

netbox/netbox/configuration_testing.py

@@ -43,6 +43,8 @@ SECRET_KEY = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
 
 DEFAULT_PERMISSIONS = {}
 
+ALLOW_TOKEN_RETRIEVAL = True
+
 LOGGING = {
     'version': 1,
     'disable_existing_loggers': True

netbox/netbox/settings.py

@@ -64,7 +64,7 @@ elif hasattr(configuration, 'DATABASE') and hasattr(configuration, 'DATABASES'):
 
 # Set static config parameters
 ADMINS = getattr(configuration, 'ADMINS', [])
-ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', True)
+ALLOW_TOKEN_RETRIEVAL = getattr(configuration, 'ALLOW_TOKEN_RETRIEVAL', False)
 ALLOWED_HOSTS = getattr(configuration, 'ALLOWED_HOSTS')  # Required
 AUTH_PASSWORD_VALIDATORS = getattr(configuration, 'AUTH_PASSWORD_VALIDATORS', [
     {