diff --git a/app/api/admin.py b/app/api/admin.py
index 391d806e..88c9c0d4 100644
--- a/app/api/admin.py
+++ b/app/api/admin.py
@@ -1,7 +1,9 @@
 from django.contrib.auth.models import User, Group
-from rest_framework import serializers, viewsets, generics
+from rest_framework import serializers, viewsets, generics, status
 from rest_framework.permissions import IsAdminUser
-
+from rest_framework.response import Response
+from django.contrib.auth.hashers import make_password
+from app import models
 class UserSerializer(serializers.ModelSerializer):
 class Meta:
@@ -18,7 +20,14 @@ class UserViewSet(viewsets.ModelViewSet):
 if email is not None:
 queryset = queryset.filter(email=email)
 return queryset
-
+ def create(self, request):
+ data = request.data.copy()
+ password = data.get('password')
+ data['password'] = make_password(password)
+ user = UserSerializer(data=data)
+ user.is_valid(raise_exception=True)
+ user.save()
+ return Response(user.data, status=status.HTTP_201_CREATED)
 class GroupSerializer(serializers.ModelSerializer):
 class Meta:
diff --git a/app/tests/test_api_admin.py b/app/tests/test_api_admin.py
index fb3a1579..7ba0fa28 100644
--- a/app/tests/test_api_admin.py
+++ b/app/tests/test_api_admin.py
@@ -2,6 +2,7 @@ from django.contrib.auth.models import User, Group
 from rest_framework import status
 from rest_framework.test import APIClient
 from rest_framework_jwt.settings import api_settings
+from django.contrib.auth.hashers import check_password
 from .classes import BootTestCase
 from app.api.admin import UserSerializer, GroupSerializer
@@ -46,6 +47,7 @@ class TestApi(BootTestCase):
 self.assertEqual(res.data['username'], user.username)
 self.assertEqual(res.data['email'], user.email)
 self.assertEqual(res.data['password'], user.password)
+ self.assertTrue(check_password('test999', user.password))
 # Can update user
 res = client.put('/api/admin/users/{}/'.format(created_user_id), {'username': 'testuser888', 'email': 'testuser888@test.com', 'password': 'test888'})
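Review bot: `from app import models` is added in the import hunk of app/api/admin.py, but none of the lines visible in this commit reference `models`. If nothing outside the hunks uses it, the import should be dropped so the module does not pull in the app's models for no reason. The three new imports would also read better grouped with the existing `django` and `rest_framework` lines, and the blank lines before `class UserSerializer` are worth keeping.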
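Review bot: Hashing is added only in `UserViewSet.create`, so a password sent through `update` or `partial_update` on this ModelViewSet would presumably still be saved as the raw string, unless that path is handled outside the hunk. The `client.put(... 'password': 'test888')` call in app/tests/test_api_admin.py exercises exactly that path. Moving the hashing into the serializer as a field hook, `def validate_password(self, value): return make_password(value)`, would cover create and update alike and make the view override unnecessary. In `create` as written, `make_password(None)` returns an unusable-password marker instead of failing, so a request with no `password` key can pass `is_valid()` and create an account rather than get a 400. Reject a missing or empty password before hashing, and consider running Django's configured password validators on the plaintext first.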
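Review bot: In the last hunk of app/tests/test_api_admin.py, the context assertion `self.assertEqual(res.data['password'], user.password)` just above the added line now pins the endpoint to returning the stored password hash in the response body. A hash is offline-guessable material and has no reason to leave the server, even on an admin-only route. Declaring the field write-only in `UserSerializer.Meta` (`extra_kwargs = {'password': {'write_only': True}}`) and dropping that assertion would leave the new `check_password` line as the real test. The `put` with `'test888'` right below has no matching `check_password` assertion, so hashing on update stays untested. The test method starts and ends outside the hunk.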