Allow create / update password via UI

2025-11-04 03:27:12 -05:00 · 2022-11-23 00:35:17 -08:00 · 2022-11-23 00:35:17 -08:00 · cf53d0866a
commit cf53d0866a
parent 3f19c0ed03
1 changed files with 48 additions and 0 deletions
--- a/src/paperless/serialisers.py
+++ b/src/paperless/serialisers.py
@ -4,8 +4,21 @@ from django.contrib.auth.models import User
 from rest_framework import serializers


+class ObfuscatedUserPasswordField(serializers.Field):
+    """
+    Sends *** string instead of password in the clear
+    """
+
+    def to_representation(self, value):
+        return "**********" if len(value) > 0 else ""
+
+    def to_internal_value(self, data):
+        return data
+
+
 class UserSerializer(serializers.ModelSerializer):

+    password = ObfuscatedUserPasswordField()
    user_permissions = serializers.SlugRelatedField(
        many=True,
        queryset=Permission.objects.all(),
@ -18,6 +31,7 @@ class UserSerializer(serializers.ModelSerializer):
        fields = (
            "id",
            "username",
+            "password",
            "first_name",
            "last_name",
            "date_joined",
@ -32,6 +46,40 @@ class UserSerializer(serializers.ModelSerializer):
    def get_inherited_permissions(self, obj):
        return obj.get_group_permissions()

+    def update(self, instance, validated_data):
+        if "password" in validated_data:
+            if len(validated_data.get("password").replace("*", "")) > 0:
+                print("set", validated_data.get("password"))
+                instance.set_password(validated_data.get("password"))
+                instance.save()
+            validated_data.pop("password")
+        super().update(instance, validated_data)
+        return instance
+
+    def create(self, validated_data):
+        groups = None
+        if "groups" in validated_data:
+            groups = validated_data.pop("groups")
+        user_permissions = None
+        if "user_permissions" in validated_data:
+            user_permissions = validated_data.pop("user_permissions")
+        password = None
+        if "password" in validated_data:
+            if len(validated_data.get("password").replace("*", "")) > 0:
+                password = validated_data.pop("password")
+        user = User.objects.create(**validated_data)
+        # set groups
+        if groups:
+            user.groups.set(groups)
+        # set permissions
+        if user_permissions:
+            user.user_permissions.set(user_permissions)
+        # set password
+        if password:
+            user.set_password(password)
+        user.save()
+        return user
+

 class GroupSerializer(serializers.ModelSerializer):