## Steps to reproduce
When sign-up is completed,
I don’t want to show password to user
class UserSignup(generics.CreateAPIView):
serializer_class = CustomUserSerializer
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(
serializer.data,
status=status.HTTP_201_CREATED,
headers=headers
)
## Expected behavior
{
"ID": "sol13",
"password": "inputed password" (or Null..)
}
## Actual behavior
but
{
"name": "sol13",
"password": "123123123"
}
It does not seem perfectly secure.
of courde i know how to hidden.
by manipulating returndict..
Why is not it the default setting to hide the 'password' field of
AbstractBaseUser?
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
