我想通过 API 视图创建用户。但是我遇到了这个问题:
序列化器.py
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('username', 'password')
views.py
class UserRegistration(CreateAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
我该如何解决这个问题?
【问题讨论】:
标签: python django api django-rest-framework django-views
您应该在保存新用户对象之前覆盖序列化程序的create() 方法以散列密码。您可以为此使用set_password:
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('username', 'password')
def create(self, validated_data):
user = User(
username=validated_data['username']
)
user.set_password(validated_data['password'])
user.save()
return user
否则 User.password 将在 DB 中被盯着而不用散列,这是不安全的。
你也可以使用create_user方法,默认调用set_password:
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('username', 'password')
def create(self, validated_data):
return User.objects.create_user(**validated_data)
【讨论】:
试试这个
from django.contrib.auth.hashers import make_password
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('username', 'password')
def create(self, validated_data):
user = User(
username=validated_data['username']
)
user.set_password(make_password(validated_data['password']))
user.save()
return user
【讨论】: