Password fields rendering as plain text in documentation

Question

I am using Django rest framework 3.1 and django-rest-swagger 0.3.2. Things are working fairly well however I am having an issue with the password input fields in my login serializer. My login serializer is pretty simple, it inherits from rest_framework.authtoken.serializers.AuthTokenSerializer:

class MyLoginSerializer(AuthTokenSerializer):

    def validate(self, attrs):
       # small amount of validation logic here

The AuthTokenSerializer has the password field defined with the proper style:

class AuthTokenSerializer(serializers.Serializer):
    username = serializers.CharField()
    password = serializers.CharField(style={'input_type': 'password'})

But Swagger displays the password input in the POST documentation as plain text (input type='text'). I'm not sure what is going wrong here, shouldn't django-rest-swagger be able to interpret the style here and render the input accordingly? Am I missing something? Any advice is appreciated, thanks much!

Answer 1

I'm still using DRF 2.4.4, but this is what I have to * out the field:

from django.forms.widgets import PasswordInput

class UserSerializer(serializers.HyperlinkedModelSerializer):
    password = serializers.CharField(
        required=False,
        write_only=True, # <- never send password (or hash) to the client
        allow_none=True, # <- allow users to not specify a password 
        blank=True,
        # this creates a password input field for DRF-only 
        # front end (not sure about swagger)
        # vvvvvvvvvvvvvvvvvv
        widget=PasswordInput
        )
    class Meta:
        model = User
        fields = ('url', 'id', 'username', 'password', [...]