Additional Serializer Fields in Django REST Framew

2019-04-04 07:36发布

站内问答 / Python
961 2 3

Situation

I am creating a simple endpoint that allows for the creation of a user. I need a field that is not in my user model (i.e., confirm_password). I will run validation that compares this field and another field that is in my model, and then never use the additional field again in the serializer.

Problem

DRF version 3 has changed the process for accomplishing this, and I do not quite understand what the documentation is suggesting I do. See here for the documentation.

Attempt at Solution

I have created a UserSerializer that looks like this:

from django.contrib.auth import get_user_model
from rest_framework import serializers

class UserSerializer(serializers.ModelSerializer):
    confirm_password = serializers.CharField(allow_blank=False)

    def validate(self, data):
        """
        Checks to be sure that the received password and confirm_password
        fields are exactly the same
        """
        if data['password'] != data.pop('confirm_password'):
            raise serializers.ValidationError("Passwords do not match")
        return data

    def create(self, validated_data):
        """
        Creates the user if validation succeeds
        """
        password = validated_data.pop('password', None)
        user = self.Meta.model(**validated_data)
        user.set_password(password)
        user.save()
        return user

    class Meta:
        # returns the proper auth model
        model = get_user_model()
        # fields that will be deserialized
        fields = ['password', 'confirm_password',
                  'username', 'first_name', 'last_name', 'email']
        # fields that will be serialized only
        read_only_fields = ['is_staff', 'is_superuser']
        # fields that will be deserialized only
        write_only_fields = ['password' 'confirm_password']

I was hoping that popping confirm_password in validate would take care of my problems, but I just get the following:

Got KeyError when attempting to get a value for field confirm_password on serializer UserSerializer. The serializer field might be named incorrectly and not match any attribute or key on the OrderedDict instance

2条回答
我想做一个坏孩纸
2楼-- · 2019-04-04 08:18

You are looking for a write-only field, as I'm assuming you won't want to display the password confirmation in the API. Django REST Framework introduced the write_only parameter in the 2.3.x timeline to complement the read_only parameter, so the only time validation is run is when an update is being made. The write_only_fields meta property was added around the same time, but it's important to understand how both of these work together.

The write_only_fields meta property will automatically add the write_only property to a field when it is automatically created, like for a password field on a User model. It will not do this for any fields which are not on the model, or fields that have been explicitly specified on the serializer. In your case, you are explicitly specifying the confirm_password field on your serializer, which is why it is not working.

Got KeyError when attempting to get a value for field confirm_password on serializer UserSerializer. The serializer field might be named incorrectly and not match any attribute or key on the OrderedDict instance

This is raised during the re-serialization of the created user, when it is trying to serialize your confirm_password field. Because it cannot find the field on the User model, it triggers this error which tries to explain the problem. Unfortunately because this is on a new user, it tells you to confusingly look at the OrderedDict instance instead of the User instance.

class UserSerializer(serializers.ModelSerializer):
    confirm_password = serializers.CharField(allow_blank=False, write_only=True)

If you explicitly specify write_only on the serializer field, and remove the field from your write_only_fields, then you should see the behaviour your are expecting.

You can find documentation about this on this link

查看更多
0人赞 添加讨论(0) 举报
不美不萌又怎样
3楼-- · 2019-04-04 08:32

Also useful for nested serializer implementation representing models, when the root model doesn't have directly access to fields you want to use. Thank you @vyscond ;) Fyi here is my case:

models.py

class Company(models.Model):
    permission_classes = (
        IsCompanyMember,
    )

    name = models.CharField(
        unique=True,
        max_length=100,
        verbose_name='company name',
        null=False
    )
class Profile(models.Model):

    company = models.ForeignKey(Company, on_delete=models.CASCADE, null=True)
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    is_company_admin = models.BooleanField(default=False, null=False)
    is_email_validated = models.BooleanField(default=False, null=False)
    is_approved_by_company_admin = models.BooleanField(default=False, null=False)

serializer.py

class CompanySerializer(serializers.ModelSerializer):
    class Meta:
        model = Company
        fields = ('name',)

class CustomUserRegistrationSerializer(serializers.ModelSerializer):
    password = serializers.CharField(style={'input_type': 'password'},
                                 write_only=True,
                                 validators=settings.get('PASSWORD_VALIDATORS'))

    company = CompanySerializer(allow_null=False, required=True,write_only=True)

    class Meta:
        model = User
        fields = ('username',
                  'email',
                  'password',
                  'company',
                  'first_name',
                  'last_name')
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(3)