sunscrapers / djoser

REST implementation of Django authentication system.
MIT License
2.54k stars 459 forks source link

OpenAPI auth credentials reverse order #679

Open Gr3at opened 2 years ago

Gr3at commented 2 years ago

This is not a bug, rather a common logic (expected representation convention). The generated OpenAPI specification schema, presents username and password fields in reverse (as someone would expect it) order (screenshot attached).

image

I am user drf spectacular to generate the openapi schema. This might be my faulty configuration, but looking into an old related issue, the order seems to also be password before the username.

RahulGupta237 commented 1 year ago

HI i didnot understand please where am i go to changes for this issue

insspb commented 1 year ago

This is not issue. If you use djoser's universal serializer: The reason of such behaviour is that password field is always exist, username is optional.

If you use own serializer: Rewrite order on your side.

If you use djosers serializer, but want to change rendering in spectacular, you can create custom serializer, without logic, just with fields definition, and use spectacular extend_schema for overwrite.

Gr3at commented 1 year ago

This is not issue. If you use djoser's universal serializer: The reason of such behaviour is that password field is always exist, username is optional.

If you use own serializer: Rewrite order on your side.

If you use djosers serializer, but want to change rendering in spectacular, you can create custom serializer, without logic, just with fields definition, and use spectacular extend_schema for overwrite.

It's been quite some time, since I had this UX (imo) issue.

So, if I understand it correctly, what you suggest is the following:

# serializers.py
class CustomAuthSerializer(serializers.Serializer):
    username = serializers.CharField(min_length=3, max_length=20)
    password = serializers.CharField(min_length=8, max_length=50, write_only=True)
# views.py
# override the default login api view, post method to add the following
@extend_schema(description="Authentication token retrieval endpoint.", request=[CustomAuthSerializer])
insspb commented 1 year ago

@Gr3at Yes, something like this. i will not help on concrete @extend... decorator and parameters, as spectacular has several options, not only extend_schema. But conceptually yes, if you want to reorder fields in controlled manner, the best way to create custom serializer for documentation only.