From cf53d0866aa092cc89844630d55b61f552cd5c63 Mon Sep 17 00:00:00 2001
From: Michael Shamoon <4887959+shamoon@users.noreply.github.com>
Date: Wed, 23 Nov 2022 00:35:17 -0800
Subject: [PATCH] Allow create / update password via UI

---
 src/paperless/serialisers.py | 48 ++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/src/paperless/serialisers.py b/src/paperless/serialisers.py
index dc3fe47fd..25415bf01 100644
--- a/src/paperless/serialisers.py
+++ b/src/paperless/serialisers.py
@@ -4,8 +4,21 @@ from django.contrib.auth.models import User
 from rest_framework import serializers
 
 
+class ObfuscatedUserPasswordField(serializers.Field):
+    """
+    Sends *** string instead of password in the clear
+    """
+
+    def to_representation(self, value):
+        return "**********" if len(value) > 0 else ""
+
+    def to_internal_value(self, data):
+        return data
+
+
 class UserSerializer(serializers.ModelSerializer):
 
+    password = ObfuscatedUserPasswordField()
     user_permissions = serializers.SlugRelatedField(
         many=True,
         queryset=Permission.objects.all(),
@@ -18,6 +31,7 @@ class UserSerializer(serializers.ModelSerializer):
         fields = (
             "id",
             "username",
+            "password",
             "first_name",
             "last_name",
             "date_joined",
@@ -32,6 +46,40 @@ class UserSerializer(serializers.ModelSerializer):
     def get_inherited_permissions(self, obj):
         return obj.get_group_permissions()
 
+    def update(self, instance, validated_data):
+        if "password" in validated_data:
+            if len(validated_data.get("password").replace("*", "")) > 0:
+                print("set", validated_data.get("password"))
+                instance.set_password(validated_data.get("password"))
+                instance.save()
+            validated_data.pop("password")
+        super().update(instance, validated_data)
+        return instance
+
+    def create(self, validated_data):
+        groups = None
+        if "groups" in validated_data:
+            groups = validated_data.pop("groups")
+        user_permissions = None
+        if "user_permissions" in validated_data:
+            user_permissions = validated_data.pop("user_permissions")
+        password = None
+        if "password" in validated_data:
+            if len(validated_data.get("password").replace("*", "")) > 0:
+                password = validated_data.pop("password")
+        user = User.objects.create(**validated_data)
+        # set groups
+        if groups:
+            user.groups.set(groups)
+        # set permissions
+        if user_permissions:
+            user.user_permissions.set(user_permissions)
+        # set password
+        if password:
+            user.set_password(password)
+        user.save()
+        return user
+
 
 class GroupSerializer(serializers.ModelSerializer):