I am using the Django REST Framework (DRF) to create an endpoint with which I can register new users. However, when I hit the creation endpoint with a POST, the new user is saved via a serializer, but the password is saved in cleartext in the database. The code for my serializer is as follows:
from django.contrib.auth import get_user_modelfrom rest_framework import serializersclass UserSerializer(serializers.ModelSerializer): class Meta: model = get_user_model() fields = ['password', 'username', 'first_name', 'last_name', 'email'] read_only_fields = ['is_staff', 'is_superuser'] write_only_fields = ['password']Please note that I am using the default User model from the Django auth package, and that I am very new to working with DRF! Additionally, I have found this question which provides a solution, but this appears to require two database interactions -- I do not believe that this is efficient, but that might be an incorrect assumption on my part.
