fix: Password Security (#163)

* Using Pydantic SecretStr type to protect password field as suggested in #161

* fixed failing tests

Author: eadwinCode

ninja_jwt/schema.py

@@ -11,7 +11,7 @@
 from ninja.schema import DjangoGetter
 from ninja_extra import service_resolver
 from ninja_extra.context import RouteContext
-from pydantic import ConfigDict, ValidationInfo, model_validator
+from pydantic import ConfigDict, SecretStr, ValidationInfo, model_validator
 from pydantic.main import BaseModel
 
 import ninja_jwt.exceptions as exceptions
@@ -126,6 +126,8 @@ def get_token(cls, user: AbstractUser) -> Dict:
 
 
 class TokenObtainInputSchemaBase(ModelSchema, TokenInputSchemaMixin):
+    password: SecretStr
+
     class Meta:
         # extra = "forbid"
         model = get_user_model()
@@ -147,6 +149,9 @@ def post_validate(self, info: ValidationInfo) -> BaseModel:
         )
 
         credentials = schema_input.get_values()
+        password: SecretStr = credentials.pop("password")
+        if password and isinstance(password, SecretStr):
+            credentials["password"] = password.get_secret_value()
         request = schema_input.get_request()
 
         self.authenticate(request, credentials)