I want to create user by API view. But I get this problem:
serializers.py
class UserSerializer(serializers.ModelSerializer): class Meta: model = User fields = ('username', 'password')
views.py
class UserRegistration(CreateAPIView): queryset = User.objects.all() serializer_class = UserSerializer
How can I solve this problem?
Advertisement
Answer
You should override serializer’s create()
method to hash password before saving new user object. You can use set_password
for this:
class UserSerializer(serializers.ModelSerializer): class Meta: model = User fields = ('username', 'password') def create(self, validated_data): user = User( username=validated_data['username'] ) user.set_password(validated_data['password']) user.save() return user
Otherwise User.password will be stared in DB without hashing which is not secure.
Also you can use create_user
method which is calling set_password
by defaut:
class UserSerializer(serializers.ModelSerializer): class Meta: model = User fields = ('username', 'password') def create(self, validated_data): return User.objects.create_user(**validated_data)