Skip to content

REST API endpoint for user objects does not allow setting a password #5383

New issue
New issue
Closed
Closed
REST API endpoint for user objects does not allow setting a password#5383
Assignees
jeremystretch
Labels
status: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application
@jeremystretch

Description

@jeremystretch
jeremystretch
opened on Nov 25, 2020

Environment

  • Python version: 3.6.9
  • NetBox version: 2.9.10

Steps to Reproduce

  1. Attempt to create a new user via the REST API endpoint, specifying a username and password.

Expected Behavior

The new user should be created, and authentication should be possible using the provided username and password.

Observed Behavior

The user instance is created, however the password is not set. This is because the password field has been omitted from UserSerializer. (This was not caught by the tests due to a bug identified under #5176.)

The fix for this bug is to add password to the serializer as a write-only field (since we don't want to expose password hashes externally).

Metadata

Metadata

Assignees

Labels

status: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions