Merge pull request #926 from abrbhat/master

Fix #866 - Hash password while creating user through admin API

app/api/admin.py

@@ -1,7 +1,9 @@
 from django.contrib.auth.models import User, Group
-from rest_framework import serializers, viewsets, generics
+from rest_framework import serializers, viewsets, generics, status
 from rest_framework.permissions import IsAdminUser
-
+from rest_framework.response import Response
+from django.contrib.auth.hashers import make_password
+from app import models
 
 class UserSerializer(serializers.ModelSerializer):
     class Meta:
@@ -18,7 +20,14 @@ class UserViewSet(viewsets.ModelViewSet):
         if email is not None:
             queryset = queryset.filter(email=email)
         return queryset
-
+    def create(self, request):
+        data = request.data.copy()
+        password = data.get('password')
+        data['password'] = make_password(password)
+        user = UserSerializer(data=data)
+        user.is_valid(raise_exception=True)
+        user.save()
+        return Response(user.data, status=status.HTTP_201_CREATED)
 
 class GroupSerializer(serializers.ModelSerializer):
     class Meta:

app/tests/test_api_admin.py

@@ -2,6 +2,7 @@ from django.contrib.auth.models import User, Group
 from rest_framework import status
 from rest_framework.test import APIClient
 from rest_framework_jwt.settings import api_settings
+from django.contrib.auth.hashers import check_password
 
 from .classes import BootTestCase
 from app.api.admin import UserSerializer, GroupSerializer
@@ -46,6 +47,7 @@ class TestApi(BootTestCase):
         self.assertEqual(res.data['username'], user.username)
         self.assertEqual(res.data['email'], user.email)
         self.assertEqual(res.data['password'], user.password)
+        self.assertTrue(check_password('test999', user.password))
 
         # Can update user
         res = client.put('/api/admin/users/{}/'.format(created_user_id), {'username': 'testuser888', 'email': 'testuser888@test.com', 'password': 'test888'})