Chrome 81 on macOS (Catalina)
When creating a user via the API, the password does not work. It seems the API is not correctly processing the password, or the documentation doesn't state in which format the password should be provided.
I expect the login credentials to work.
First generate an API auth token using your admin credentials:
curl -X POST -d "username=adminuser&password=adminpass" http://localhost:8000/api/token-auth/
Then invoke the "create a user" API endpoint:
curl -X POST -H "Authorization: JWT <token>" -d "username=testuser&password=testpass" http://localhost:8000/api/admin/users/
Here is the response. Note that the password is returned in cleartext:
{"id":10,"password":"testpass","last_login":null,"is_superuser":false,"username":"testuser","first_name":"","last_name":"","email":"","is_staff":false,"is_active":false,"date_joined":"2020-05-22T09:40:14.285065Z","groups":[],"user_permissions":[]}
When checking WebODM it shows that the password is in an invalid format:

I'm guessing the API is not processing the password (i.e. it is assuming it is in whatever internal format webodm uses to stored the salted/hashed password).
Is this a bug or a feature?
The API docs don't state anything about the format. Just says "password".
Hey @pqvst :hand: I think the API expects the output of make_password as from:
# python manage.py shell
>>> from django.contrib.auth.hashers import make_password
>>> make_password('test123')
'pbkdf2_sha256$120000$TACc1XZLIuwM$cwDupsXeMNMPL/TKs1OCRKpSlY7OkNaGNrW9Lrx7Pb8='
(Careful to escape the $ characters with \$ if you type the string into bash or some other terminal).
This is less than ideal, perhaps you might be interested in modifying the API behavior to accept a clear password instead? :pray:
Or simply a note in the docs would be helpful to clarify this also (as they are misleading, like you found).
API logic is in https://github.com/OpenDroneMap/WebODM/blob/master/app/api/admin.py and tests are in https://github.com/OpenDroneMap/WebODM/blob/master/app/tests/test_api_admin.py