## Steps to reproduce When sign-up is completed, I don’t want to show hashed password to user
# views.py class UserSignup(generics.CreateAPIView): serializer_class = CustomUserSerializer def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) self.perform_create(serializer) headers = self.get_success_headers(serializer.data) return Response( serializer.data, status=status.HTTP_201_CREATED, headers=headers ) # serializers.py class CustomUserSerializer(serializers.ModelSerializer): class Meta: model = CustomUser fields = 'name', 'email', 'password' def validate(self, attrs): password = attrs['password'] if len(password) < 9: raise serializers.ValidationError("password is too short.") return attrs def create(self, validated_data): ModelClass = self.Meta.model instance = ModelClass.objects.create_user(**validated_data) return instance ## Expected behavior { "ID": "sol13", "password": "inputed password" (or Null..) } ## Actual behavior but { "ID": "sol13", "password": "pbkdf2_sha256$30000$irJGEMqdM7Z2$fvyAw63kC2SQ3qKJ+RZ8MAGxbjhBThTQvyYldrBRguw=" } Even if there is no security problem.. The hashed password is meaningless value. Why is it showing a hashed password? of course i know how to remove password at response . by manipulating returndict.. another way, i can use a serializer with fields without a password, but it will not be validated, so additional manipulation is required. Why is not it the default setting to hide the (hashed) 'password' field of AbstractBaseUser? -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.