I'm trying to create an API for my user registration using Django Rest Framework. I created a serializer by following the steps from the api-guide:

    from rest_framework import serializers

    class CreateUserSerializer(serializers.ModelSerializer):
        class Meta:
            model = User
            fields = ('email', 'username', 'password')
            # never echo the password back in API responses
            extra_kwargs = {'password': {'write_only': True}}

        def create(self, validated_data):
            user = User(
                email=validated_data['email'],
                username=validated_data['username']
            )
            # hash the raw password before saving
            user.set_password(validated_data['password'])
            user.save()
            return user

However, I keep getting the "Invalid password format or unknown hashing algorithm." for my newly created user. I've tried to use make_password from django.contrib.auth.hashers, but I still can't resolve this issue.
Thanks
@anotheruser Yes, you can't 'decrypt' a hashed password through Django. (A hash is a one-way function, not really encryption.) You could possibly save the password of the user in plaintext in the DB when they create a user account.
By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it's quite secure, requiring massive amounts of computing time to break.
This user object will store the password as plain text. Django doesn't automatically convert the text to a hashed value; instead, if you dig deeper you'll find a method called make_password, or there's a method in AbstractUser, set_password, which basically converts the string to a hash value.
You can check the user by importing the model from your model class. If bool_answer is True then it means the user exists, otherwise not. You cannot match the password because Django applies encryption on passwords. Django stores user details in the User model of the auth module.
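In the serializer, redefine the function create with this:

    from django.contrib.auth.hashers import make_password
    from rest_framework.serializers import ModelSerializer

    class UserSerializer(ModelSerializer):
        # class Meta (model, fields) goes here as usual

        def create(self, validated_data):
            # replace the raw password with its hash before the model is created
            validated_data['password'] = make_password(validated_data['password'])
            return super(UserSerializer, self).create(validated_data)

And that's all! :D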
You can try it in this way:

    from django.contrib.auth.hashers import make_password

    # inside the serializer's create(self, validated_data)
    user = User.objects.create(
        email=validated_data['email'],
        username=validated_data['username'],
        password=make_password(validated_data['password'])
    )

You can overwrite the perform_create method in CreateAPIView:

    from rest_framework.generics import CreateAPIView

    class SignUpView(CreateAPIView):
        serializer_class = SignUpSerializers

        def perform_create(self, serializer):
            # save() stores the submitted value; set_password then replaces it with the hash
            instance = serializer.save()
            instance.set_password(instance.password)
            instance.save()

You could also use a field validation function for the password field by adding a validate_password method to your serializer and make it return the hash.

    from rest_framework.serializers import ModelSerializer
    from django.contrib.auth.hashers import make_password

    class UserSerializer(ModelSerializer):
        class Meta:
            model = backend.models.User
            fields = ('username', 'email', 'password',)

        # Written as a method: assigning make_password directly as a class
        # attribute would bind it and pass the serializer as the password.
        def validate_password(self, value):
            return make_password(value)

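
An added example (not from any of the posts above, and not Django's own code): a standard-library sketch of the `pbkdf2_sha256$<iterations>$<salt>$<hash>` layout that set_password and make_password store, used to flag rows whose password column holds something else, which is the condition the admin reports as "Invalid password format or unknown hashing algorithm." The function names, the iteration count and the sample rows are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"  # the default hasher named on this page; others are not modelled


def encode(password, salt=None, iterations=600_000):
    """Build '<algorithm>$<iterations>$<salt>$<base64 hash>' (iteration count is an assumed value)."""
    salt = salt or secrets.token_urlsafe(12)  # URL-safe alphabet, so never contains '$'
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, base64.b64encode(dk).decode("ascii"))


def classify(stored):
    """Return 'no-password', 'hashed' or 'not-hashed' for one stored column value."""
    if not stored or stored.startswith("!"):  # '!' prefix marks an unusable password
        return "no-password"
    parts = stored.split("$")
    if len(parts) == 4 and parts[0] == ALGORITHM and parts[1].isdigit():
        return "hashed"
    return "not-hashed"  # e.g. plaintext written by a create() that skipped hashing


def verify(password, stored):
    """Recompute the hash with the stored salt and iterations; compare in constant time."""
    if classify(stored) != "hashed":
        return False
    _, iterations, salt, _ = stored.split("$")
    return hmac.compare_digest(encode(password, salt, int(iterations)), stored)


def audit(rows):
    """Return usernames whose stored value is not in a recognised hash format."""
    return [name for name, stored in rows if classify(stored) == "not-hashed"]


# Constructed sample rows (username, password column); low iteration count keeps the demo fast.
SAMPLE_ROWS = [
    ("alice", encode("correct horse", iterations=1000)),
    ("bob", "hunter2"),             # plaintext stored as-is
    ("carol", "!unusable-marker"),  # constructed unusable-password value
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
    print(verify("correct horse", SAMPLE_ROWS[0][1]))
```
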