diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6276dddcd..cfa4bdc44 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,6 +19,7 @@ jobs: - '3.10' - '3.11' - '3.12' + - '3.13' steps: - uses: actions/checkout@v4 @@ -33,10 +34,10 @@ jobs: run: python -m pip install --upgrade pip setuptools virtualenv wheel - name: Install dependencies - run: python -m pip install --upgrade codecov tox + run: python -m pip install --upgrade tox - name: Run tox targets for ${{ matrix.python-version }} - run: tox run -f py$(echo ${{ matrix.python-version }} | tr -d .) + run: tox run -f py$(echo ${{ matrix.python-version }} | tr -d . | cut -f 1 -d '-') - name: Run extra tox targets if: ${{ matrix.python-version == '3.9' }} @@ -44,8 +45,9 @@ jobs: tox -e base,dist,docs - name: Upload coverage - run: | - codecov -e TOXENV,DJANGO + uses: codecov/codecov-action@v5 + with: + env_vars: TOXENV,DJANGO test-docs: name: Test documentation links diff --git a/README.md b/README.md index fc44a461e..6e62fb39a 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ Some reasons you might want to use REST framework: # Requirements * Python 3.8+ -* Django 5.0, 4.2 +* Django 4.2, 5.0, 5.1 We **highly recommend** and only officially support the latest patch release of each Python and Django series. diff --git a/SECURITY.md b/SECURITY.md index a92a1b0cf..88ff092a2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,8 +2,6 @@ ## Reporting a Vulnerability -Security issues are handled under the supervision of the [Django security team](https://www.djangoproject.com/foundation/teams/#security-team). +**Please report security issues by emailing security@encode.io**. - **Please report security issues by emailing security@djangoproject.com**. - - The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure. +The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure. diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index d6e6293fd..8409a83c8 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -90,6 +90,12 @@ The kind of response that will be used depends on the authentication scheme. Al Note that when a request may successfully authenticate, but still be denied permission to perform the request, in which case a `403 Permission Denied` response will always be used, regardless of the authentication scheme. +## Django 5.1+ `LoginRequiredMiddleware` + +If you're running Django 5.1+ and use the [`LoginRequiredMiddleware`][login-required-middleware], please note that all views from DRF are opted-out of this middleware. This is because the authentication in DRF is based authentication and permissions classes, which may be determined after the middleware has been applied. Additionally, when the request is not authenticated, the middleware redirects the user to the login page, which is not suitable for API requests, where it's preferable to return a 401 status code. + +REST framework offers an equivalent mechanism for DRF views via the global settings, `DEFAULT_AUTHENTICATION_CLASSES` and `DEFAULT_PERMISSION_CLASSES`. They should be changed accordingly if you need to enforce that API requests are logged in. + ## Apache mod_wsgi specific configuration Note that if deploying to [Apache using mod_wsgi][mod_wsgi_official], the authorization header is not passed through to a WSGI application by default, as it is assumed that authentication will be handled by Apache, rather than at an application level. @@ -484,3 +490,4 @@ More information can be found in the [Documentation](https://django-rest-durin.r [drfpasswordless]: https://github.com/aaronn/django-rest-framework-passwordless [django-rest-authemail]: https://github.com/celiao/django-rest-authemail [django-rest-durin]: https://github.com/eshaan7/django-rest-durin +[login-required-middleware]: https://docs.djangoproject.com/en/stable/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware \ No newline at end of file diff --git a/docs/api-guide/fields.md b/docs/api-guide/fields.md index 94b6e7c21..5cbedd964 100644 --- a/docs/api-guide/fields.md +++ b/docs/api-guide/fields.md @@ -291,8 +291,8 @@ Corresponds to `django.db.models.fields.DecimalField`. * `max_digits` The maximum number of digits allowed in the number. It must be either `None` or an integer greater than or equal to `decimal_places`. * `decimal_places` The number of decimal places to store with the number. * `coerce_to_string` Set to `True` if string values should be returned for the representation, or `False` if `Decimal` objects should be returned. Defaults to the same value as the `COERCE_DECIMAL_TO_STRING` settings key, which will be `True` unless overridden. If `Decimal` objects are returned by the serializer, then the final output format will be determined by the renderer. Note that setting `localize` will force the value to `True`. -* `max_value` Validate that the number provided is no greater than this value. -* `min_value` Validate that the number provided is no less than this value. +* `max_value` Validate that the number provided is no greater than this value. Should be an integer or `Decimal` object. +* `min_value` Validate that the number provided is no less than this value. Should be an integer or `Decimal` object. * `localize` Set to `True` to enable localization of input and output based on the current locale. This will also force `coerce_to_string` to `True`. Defaults to `False`. Note that data formatting is enabled if you have set `USE_L10N=True` in your settings file. * `rounding` Sets the rounding mode used when quantizing to the configured precision. Valid values are [`decimal` module rounding modes][python-decimal-rounding-modes]. Defaults to `None`. * `normalize_output` Will normalize the decimal value when serialized. This will strip all trailing zeroes and change the value's precision to the minimum required precision to be able to represent the value without losing data. Defaults to `False`. diff --git a/docs/api-guide/renderers.md b/docs/api-guide/renderers.md index d48f785ab..7a6bd39f4 100644 --- a/docs/api-guide/renderers.md +++ b/docs/api-guide/renderers.md @@ -525,7 +525,7 @@ Comma-separated values are a plain-text tabular data format, that can be easily ## LaTeX -[Rest Framework Latex] provides a renderer that outputs PDFs using Laulatex. It is maintained by [Pebble (S/F Software)][mypebble]. +[Rest Framework Latex] provides a renderer that outputs PDFs using Lualatex. It is maintained by [Pebble (S/F Software)][mypebble]. [cite]: https://docs.djangoproject.com/en/stable/ref/template-response/#the-rendering-process diff --git a/docs/api-guide/routers.md b/docs/api-guide/routers.md index 91ef0b96e..d6bdeb235 100644 --- a/docs/api-guide/routers.md +++ b/docs/api-guide/routers.md @@ -142,6 +142,24 @@ The above example would now generate the following URL pattern: * URL path: `^users/{pk}/change-password/$` * URL name: `'user-change_password'` +### Using Django `path()` with routers + +By default, the URLs created by routers use regular expressions. This behavior can be modified by setting the `use_regex_path` argument to `False` when instantiating the router, in this case [path converters][path-converters-topic-reference] are used. For example: + + router = SimpleRouter(use_regex_path=False) + +The router will match lookup values containing any characters except slashes and period characters. For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset or `lookup_value_converter` if using path converters. For example, you can limit the lookup to valid UUIDs: + + class MyModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet): + lookup_field = 'my_model_id' + lookup_value_regex = '[0-9a-f]{32}' + + class MyPathModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet): + lookup_field = 'my_model_uuid' + lookup_value_converter = 'uuid' + +Note that path converters will be used on all URLs registered in the router, including viewset actions. + # API Guide ## SimpleRouter @@ -160,30 +178,13 @@ This router includes routes for the standard set of `list`, `create`, `retrieve` {prefix}/{lookup}/{url_path}/GET, or as specified by `methods` argument`@action(detail=True)` decorated method{basename}-{url_name} -By default the URLs created by `SimpleRouter` are appended with a trailing slash. +By default, the URLs created by `SimpleRouter` are appended with a trailing slash. This behavior can be modified by setting the `trailing_slash` argument to `False` when instantiating the router. For example: router = SimpleRouter(trailing_slash=False) Trailing slashes are conventional in Django, but are not used by default in some other frameworks such as Rails. Which style you choose to use is largely a matter of preference, although some javascript frameworks may expect a particular routing style. -By default the URLs created by `SimpleRouter` use regular expressions. This behavior can be modified by setting the `use_regex_path` argument to `False` when instantiating the router, in this case [path converters][path-converters-topic-reference] are used. For example: - - router = SimpleRouter(use_regex_path=False) - -**Note**: `use_regex_path=False` only works with Django 2.x or above, since this feature was introduced in 2.0.0. See [release note][simplified-routing-release-note] - - -The router will match lookup values containing any characters except slashes and period characters. For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset or `lookup_value_converter` if using path converters. For example, you can limit the lookup to valid UUIDs: - - class MyModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet): - lookup_field = 'my_model_id' - lookup_value_regex = '[0-9a-f]{32}' - - class MyPathModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet): - lookup_field = 'my_model_uuid' - lookup_value_converter = 'uuid' - ## DefaultRouter This router is similar to `SimpleRouter` as above, but additionally includes a default API root view, that returns a response containing hyperlinks to all the list views. It also generates routes for optional `.json` style format suffixes. @@ -351,5 +352,4 @@ The [`DRF-extensions` package][drf-extensions] provides [routers][drf-extensions [drf-extensions-customizable-endpoint-names]: https://chibisov.github.io/drf-extensions/docs/#controller-endpoint-name [url-namespace-docs]: https://docs.djangoproject.com/en/4.0/topics/http/urls/#url-namespaces [include-api-reference]: https://docs.djangoproject.com/en/4.0/ref/urls/#include -[simplified-routing-release-note]: https://docs.djangoproject.com/en/2.0/releases/2.0/#simplified-url-routing-syntax [path-converters-topic-reference]: https://docs.djangoproject.com/en/2.0/topics/http/urls/#path-converters diff --git a/docs/api-guide/serializers.md b/docs/api-guide/serializers.md index eae79b62f..8d56d36f5 100644 --- a/docs/api-guide/serializers.md +++ b/docs/api-guide/serializers.md @@ -233,7 +233,7 @@ Serializer classes can also include reusable validators that are applied to the class EventSerializer(serializers.Serializer): name = serializers.CharField() - room_number = serializers.IntegerField(choices=[101, 102, 103, 201]) + room_number = serializers.ChoiceField(choices=[101, 102, 103, 201]) date = serializers.DateField() class Meta: diff --git a/docs/api-guide/settings.md b/docs/api-guide/settings.md index 47e2ce993..7bee3166d 100644 --- a/docs/api-guide/settings.md +++ b/docs/api-guide/settings.md @@ -460,4 +460,4 @@ Default: `None` [cite]: https://www.python.org/dev/peps/pep-0020/ [rfc4627]: https://www.ietf.org/rfc/rfc4627.txt [heroku-minified-json]: https://github.com/interagent/http-api-design#keep-json-minified-in-all-responses -[strftime]: https://docs.python.org/3/library/time.html#time.strftime +[strftime]: https://docs.python.org/3/library/datetime.html#strftime-and-strptime-format-codes diff --git a/docs/api-guide/testing.md b/docs/api-guide/testing.md index 261df80f2..ed585faf2 100644 --- a/docs/api-guide/testing.md +++ b/docs/api-guide/testing.md @@ -25,9 +25,12 @@ The `APIRequestFactory` class supports an almost identical API to Django's stand factory = APIRequestFactory() request = factory.post('/notes/', {'title': 'new idea'}) + # Using the standard RequestFactory API to encode JSON data + request = factory.post('/notes/', {'title': 'new idea'}, content_type='application/json') + #### Using the `format` argument -Methods which create a request body, such as `post`, `put` and `patch`, include a `format` argument, which make it easy to generate requests using a content type other than multipart form data. For example: +Methods which create a request body, such as `post`, `put` and `patch`, include a `format` argument, which make it easy to generate requests using a wide set of request formats. When using this argument, the factory will select an appropriate renderer and its configured `content_type`. For example: # Create a JSON POST request factory = APIRequestFactory() @@ -41,7 +44,7 @@ To support a wider set of request formats, or change the default format, [see th If you need to explicitly encode the request body, you can do so by setting the `content_type` flag. For example: - request = factory.post('/notes/', json.dumps({'title': 'new idea'}), content_type='application/json') + request = factory.post('/notes/', yaml.dump({'title': 'new idea'}), content_type='application/yaml') #### PUT and PATCH with form data diff --git a/docs/api-guide/throttling.md b/docs/api-guide/throttling.md index 4c58fa713..0ea8b4158 100644 --- a/docs/api-guide/throttling.md +++ b/docs/api-guide/throttling.md @@ -45,7 +45,7 @@ The default throttling policy may be set globally, using the `DEFAULT_THROTTLE_C } } -The rate descriptions used in `DEFAULT_THROTTLE_RATES` may include `second`, `minute`, `hour` or `day` as the throttle period. +The rates used in `DEFAULT_THROTTLE_RATES` can be specified over a period of second, minute, hour or day. The period must be specified after the `/` separator using `s`, `m`, `h` or `d`, respectively. For increased clarity, extended units such as `second`, `minute`, `hour`, `day` or even abbreviations like `sec`, `min`, `hr` are allowed, as only the first character is relevant to identify the rate. You can also set the throttling policy on a per-view or per-viewset basis, using the `APIView` class-based views. diff --git a/docs/api-guide/validators.md b/docs/api-guide/validators.md index e181d4c61..b1f58ef23 100644 --- a/docs/api-guide/validators.md +++ b/docs/api-guide/validators.md @@ -48,7 +48,7 @@ If we open up the Django shell using `manage.py shell` we can now CustomerReportSerializer(): id = IntegerField(label='ID', read_only=True) time_raised = DateTimeField(read_only=True) - reference = CharField(max_length=20, validators=[]) + reference = CharField(max_length=20, validators=[UniqueValidator(queryset=CustomerReportRecord.objects.all())]) description = CharField(style={'type': 'textarea'}) The interesting bit here is the `reference` field. We can see that the uniqueness constraint is being explicitly enforced by a validator on the serializer field. diff --git a/docs/api-guide/viewsets.md b/docs/api-guide/viewsets.md index 43007e95d..22acfe327 100644 --- a/docs/api-guide/viewsets.md +++ b/docs/api-guide/viewsets.md @@ -128,6 +128,8 @@ You may inspect these attributes to adjust behavior based on the current action. permission_classes = [IsAdminUser] return [permission() for permission in permission_classes] +**Note**: the `action` attribute is not available in the `get_parsers`, `get_authenticators` and `get_content_negotiator` methods, as it is set _after_ they are called in the framework lifecycle. If you override one of these methods and try to access the `action` attribute in them, you will get an `AttributeError` error. + ## Marking extra actions for routing If you have ad-hoc methods that should be routable, you can mark them as such with the `@action` decorator. Like regular actions, extra actions may be intended for either a single object, or an entire collection. To indicate this, set the `detail` argument to `True` or `False`. The router will configure its URL patterns accordingly. e.g., the `DefaultRouter` will configure detail actions to contain `pk` in their URL patterns. diff --git a/docs/community/jobs.md b/docs/community/jobs.md index aa1c5d4b4..f3ce37d15 100644 --- a/docs/community/jobs.md +++ b/docs/community/jobs.md @@ -7,6 +7,7 @@ Looking for a new Django REST Framework related role? On this site we provide a * [https://www.djangoproject.com/community/jobs/][djangoproject-website] * [https://www.python.org/jobs/][python-org-jobs] +* [https://django.on-remote.com][django-on-remote] * [https://djangogigs.com][django-gigs-com] * [https://djangojobs.net/jobs/][django-jobs-net] * [https://findwork.dev/django-rest-framework-jobs][findwork-dev] @@ -26,6 +27,7 @@ Wonder how else you can help? One of the best ways you can help Django REST Fram [djangoproject-website]: https://www.djangoproject.com/community/jobs/ [python-org-jobs]: https://www.python.org/jobs/ +[django-on-remote]: https://django.on-remote.com/ [django-gigs-com]: https://djangogigs.com [django-jobs-net]: https://djangojobs.net/jobs/ [findwork-dev]: https://findwork.dev/django-rest-framework-jobs diff --git a/docs/community/tutorials-and-resources.md b/docs/community/tutorials-and-resources.md index f283e0e4c..b23b299ac 100644 --- a/docs/community/tutorials-and-resources.md +++ b/docs/community/tutorials-and-resources.md @@ -12,7 +12,7 @@ There are a wide range of resources available for learning and using Django REST - + @@ -28,7 +28,6 @@ There are a wide range of resources available for learning and using Django REST * [Beginner's Guide to the Django REST Framework][beginners-guide-to-the-django-rest-framework] * [Django REST Framework - An Introduction][drf-an-intro] * [Django REST Framework Tutorial][drf-tutorial] -* [Django REST Framework Course][django-rest-framework-course] * [Building a RESTful API with Django REST Framework][building-a-restful-api-with-drf] * [Getting Started with Django REST Framework and AngularJS][getting-started-with-django-rest-framework-and-angularjs] * [End to End Web App with Django REST Framework & AngularJS][end-to-end-web-app-with-django-rest-framework-angularjs] @@ -39,8 +38,10 @@ There are a wide range of resources available for learning and using Django REST * [Check Credentials Using Django REST Framework][check-credentials-using-django-rest-framework] * [Creating a Production Ready API with Python and Django REST Framework – Part 1][creating-a-production-ready-api-with-python-and-drf-part1] * [Creating a Production Ready API with Python and Django REST Framework – Part 2][creating-a-production-ready-api-with-python-and-drf-part2] -* [Django REST Framework Tutorial - Build a Blog API][django-rest-framework-tutorial-build-a-blog] -* [Django REST Framework & React Tutorial - Build a Todo List API][django-rest-framework-react-tutorial-build-a-todo-list] +* [Creating a Production Ready API with Python and Django REST Framework – Part 3][creating-a-production-ready-api-with-python-and-drf-part3] +* [Creating a Production Ready API with Python and Django REST Framework – Part 4][creating-a-production-ready-api-with-python-and-drf-part4] +* [Django Polls Tutorial API][django-polls-api] +* [Django REST Framework Tutorial: Todo API][django-rest-framework-todo-api] * [Tutorial: Django REST with React (Django 2.0)][django-rest-react-valentinog] @@ -53,7 +54,7 @@ There are a wide range of resources available for learning and using Django REST * [Django REST API - So Easy You Can Learn It in 25 Minutes][django-rest-api-so-easy] * [Tom Christie about Django Rest Framework at Django: Under The Hood][django-under-hood-2014] * [Django REST Framework: Schemas, Hypermedia & Client Libraries][pycon-uk-2016] - +* [Finally Understand Authentication in Django REST Framework][django-con-2018] ### Tutorials @@ -103,7 +104,6 @@ Want your Django REST Framework talk/tutorial/article to be added to our website [api-development-with-django-and-django-rest-framework]: https://bnotions.com/news-and-insights/api-development-with-django-and-django-rest-framework/ [cdrf.co]:http://www.cdrf.co [medium-django-rest-framework]: https://medium.com/django-rest-framework -[django-rest-framework-course]: https://teamtreehouse.com/library/django-rest-framework [pycon-uk-2016]: https://www.youtube.com/watch?v=FjmiGh7OqVg [django-under-hood-2014]: https://www.youtube.com/watch?v=3cSsbe-tA0E [integrating-pandas-drf-and-bokeh]: https://web.archive.org/web/20180104205117/http://machinalis.com/blog/pandas-django-rest-framework-bokeh/ @@ -115,10 +115,12 @@ Want your Django REST Framework talk/tutorial/article to be added to our website [chatbot-using-drf-part1]: https://chatbotslife.com/chatbot-using-django-rest-framework-api-ai-slack-part-1-3-69c7e38b7b1e#.g2aceuncf [new-django-admin-with-drf-and-emberjs]: https://blog.levit.be/new-django-admin-with-emberjs-what-are-the-news/ [drf-schema]: https://drf-schema-adapter.readthedocs.io/en/latest/ -[creating-a-production-ready-api-with-python-and-drf-part1]: https://www.andreagrandi.it/2016/09/28/creating-production-ready-api-python-django-rest-framework-part-1/ -[creating-a-production-ready-api-with-python-and-drf-part2]: https://www.andreagrandi.it/2016/10/01/creating-a-production-ready-api-with-python-and-django-rest-framework-part-2/ -[django-rest-framework-tutorial-build-a-blog]: https://wsvincent.com/django-rest-framework-tutorial/ -[django-rest-framework-react-tutorial-build-a-todo-list]: https://wsvincent.com/django-rest-framework-react-tutorial/ +[creating-a-production-ready-api-with-python-and-drf-part1]: https://www.andreagrandi.it/posts/creating-production-ready-api-python-django-rest-framework-part-1/ +[creating-a-production-ready-api-with-python-and-drf-part2]: https://www.andreagrandi.it/posts/creating-a-production-ready-api-with-python-and-django-rest-framework-part-2/ +[creating-a-production-ready-api-with-python-and-drf-part3]: https://www.andreagrandi.it/posts/creating-a-production-ready-api-with-python-and-django-rest-framework-part-3/ +[creating-a-production-ready-api-with-python-and-drf-part4]: https://www.andreagrandi.it/posts/creating-a-production-ready-api-with-python-and-django-rest-framework-part-4/ +[django-polls-api]: https://learndjango.com/tutorials/django-polls-tutorial-api +[django-rest-framework-todo-api]: https://learndjango.com/tutorials/django-rest-framework-tutorial-todo-api [django-rest-api-so-easy]: https://www.youtube.com/watch?v=cqP758k1BaQ [full-fledged-rest-api-with-django-oauth-tookit]: https://www.youtube.com/watch?v=M6Ud3qC2tTk [drf-in-your-pjs]: https://www.youtube.com/watch?v=xMtHsWa72Ww @@ -135,3 +137,4 @@ Want your Django REST Framework talk/tutorial/article to be added to our website [django-rest-react-valentinog]: https://www.valentinog.com/blog/tutorial-api-django-rest-react/ [doordash-implementing-rest-apis]: https://doordash.engineering/2013/10/07/implementing-rest-apis-with-embedded-privacy/ [developing-restful-apis-with-django-rest-framework]: https://testdriven.io/courses/django-rest-framework/ +[django-con-2018]: https://youtu.be/pY-oje5b5Qk?si=AOU6tLi0IL1_pVzq \ No newline at end of file diff --git a/docs/img/books/dfa-40-cover.jpg b/docs/img/books/dfa-40-cover.jpg new file mode 100644 index 000000000..cc47312c7 Binary files /dev/null and b/docs/img/books/dfa-40-cover.jpg differ diff --git a/docs/index.md b/docs/index.md index 719eb6e6e..ebeab3db3 100644 --- a/docs/index.md +++ b/docs/index.md @@ -87,8 +87,8 @@ continued development by **[signing up for a paid plan][funding]**. REST framework requires the following: -* Django (4.2, 5.0) -* Python (3.8, 3.9, 3.10, 3.11, 3.12) +* Django (4.2, 5.0, 5.1) +* Python (3.8, 3.9, 3.10, 3.11, 3.12, 3.13) We **highly recommend** and only officially support the latest patch release of each Python and Django series. @@ -196,9 +196,7 @@ For priority support please sign up for a [professional or premium sponsorship p ## Security -Security issues are handled under the supervision of the [Django security team](https://www.djangoproject.com/foundation/teams/#security-team). - -**Please report security issues by emailing security@djangoproject.com**. +**Please report security issues by emailing security@encode.io**. The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure. diff --git a/docs/topics/browsable-api.md b/docs/topics/browsable-api.md index 9a95edfc6..fe35be8b3 100644 --- a/docs/topics/browsable-api.md +++ b/docs/topics/browsable-api.md @@ -20,9 +20,11 @@ By default, the API will return the format specified by the headers, which in th To quickly add authentication to the browesable api, add a routes named `"login"` and `"logout"` under the namespace `"rest_framework"`. DRF provides default routes for this which you can add to your urlconf: ```python +from django.urls import include, path + urlpatterns = [ # ... - url(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")) + path("api-auth/", include("rest_framework.urls", namespace="rest_framework")) ] ``` diff --git a/docs/topics/internationalization.md b/docs/topics/internationalization.md index 267ccdb37..2f8f2abf0 100644 --- a/docs/topics/internationalization.md +++ b/docs/topics/internationalization.md @@ -105,7 +105,7 @@ For API clients the most appropriate of these will typically be to use the `Acce [cite]: https://youtu.be/Wa0VfS2q94Y [django-translation]: https://docs.djangoproject.com/en/stable/topics/i18n/translation [custom-exception-handler]: ../api-guide/exceptions.md#custom-exception-handling -[transifex-project]: https://www.transifex.com/projects/p/django-rest-framework/ +[transifex-project]: https://explore.transifex.com/django-rest-framework-1/django-rest-framework/ [django-po-source]: https://raw.githubusercontent.com/encode/django-rest-framework/master/rest_framework/locale/en_US/LC_MESSAGES/django.po [django-language-preference]: https://docs.djangoproject.com/en/stable/topics/i18n/translation/#how-django-discovers-language-preference [django-locale-paths]: https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-LOCALE_PATHS diff --git a/docs/tutorial/1-serialization.md b/docs/tutorial/1-serialization.md index 1dac5e0d8..b9bf67acb 100644 --- a/docs/tutorial/1-serialization.md +++ b/docs/tutorial/1-serialization.md @@ -321,7 +321,7 @@ You can install httpie using pip: Finally, we can get a list of all of the snippets: - http http://127.0.0.1:8000/snippets/ --unsorted + http GET http://127.0.0.1:8000/snippets/ --unsorted HTTP/1.1 200 OK ... @@ -354,7 +354,7 @@ Finally, we can get a list of all of the snippets: Or we can get a particular snippet by referencing its id: - http http://127.0.0.1:8000/snippets/2/ --unsorted + http GET http://127.0.0.1:8000/snippets/2/ --unsorted HTTP/1.1 200 OK ... diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py index 636f0c8ad..e33bfa99d 100644 --- a/rest_framework/__init__.py +++ b/rest_framework/__init__.py @@ -23,9 +23,5 @@ HTTP_HEADER_ENCODING = 'iso-8859-1' ISO_8601 = 'iso-8601' -class RemovedInDRF316Warning(DeprecationWarning): - pass - - class RemovedInDRF317Warning(PendingDeprecationWarning): pass diff --git a/rest_framework/fields.py b/rest_framework/fields.py index cbc02e2c2..6989edc0a 100644 --- a/rest_framework/fields.py +++ b/rest_framework/fields.py @@ -986,10 +986,10 @@ class DecimalField(Field): self.max_value = max_value self.min_value = min_value - if self.max_value is not None and not isinstance(self.max_value, decimal.Decimal): - warnings.warn("max_value should be a Decimal instance.") - if self.min_value is not None and not isinstance(self.min_value, decimal.Decimal): - warnings.warn("min_value should be a Decimal instance.") + if self.max_value is not None and not isinstance(self.max_value, (int, decimal.Decimal)): + warnings.warn("max_value should be an integer or Decimal instance.") + if self.min_value is not None and not isinstance(self.min_value, (int, decimal.Decimal)): + warnings.warn("min_value should be an integer or Decimal instance.") if self.max_digits is not None and self.decimal_places is not None: self.max_whole_digits = self.max_digits - self.decimal_places diff --git a/rest_framework/locale/fa/LC_MESSAGES/django.po b/rest_framework/locale/fa/LC_MESSAGES/django.po index 6a5b99acf..fd7001d32 100644 --- a/rest_framework/locale/fa/LC_MESSAGES/django.po +++ b/rest_framework/locale/fa/LC_MESSAGES/django.po @@ -7,6 +7,7 @@ # Aryan Baghi , 2020 # Omid Zarin , 2019 # Xavier Ordoquy , 2020 +# Sina Amini , 2024 msgid "" msgstr "" "Project-Id-Version: Django REST framework\n" @@ -187,7 +188,7 @@ msgstr "مطمعن شوید طول این مقدار حداقل {min_length} ا #: fields.py:816 msgid "Enter a valid email address." -msgstr "پست الکترونیکی صحبح وارد کنید." +msgstr "پست الکترونیکی صحیح وارد کنید." #: fields.py:827 msgid "This value does not match the required pattern." diff --git a/rest_framework/locale/fa_IR/LC_MESSAGES/django.mo b/rest_framework/locale/fa_IR/LC_MESSAGES/django.mo index 52d3f3bf8..35775d9f2 100644 Binary files a/rest_framework/locale/fa_IR/LC_MESSAGES/django.mo and b/rest_framework/locale/fa_IR/LC_MESSAGES/django.mo differ diff --git a/rest_framework/locale/fa_IR/LC_MESSAGES/django.po b/rest_framework/locale/fa_IR/LC_MESSAGES/django.po index 61361d50e..280725a73 100644 --- a/rest_framework/locale/fa_IR/LC_MESSAGES/django.po +++ b/rest_framework/locale/fa_IR/LC_MESSAGES/django.po @@ -7,6 +7,7 @@ # Aryan Baghi , 2020 # Omid Zarin , 2019 # Xavier Ordoquy , 2020 +# Sina Amini , 2024 msgid "" msgstr "" "Project-Id-Version: Django REST framework\n" @@ -187,7 +188,7 @@ msgstr "مطمعن شوید طول این مقدار حداقل {min_length} ا #: fields.py:816 msgid "Enter a valid email address." -msgstr "پست الکترونیکی صحبح وارد کنید." +msgstr "پست الکترونیکی صحیح وارد کنید." #: fields.py:827 msgid "This value does not match the required pattern." diff --git a/rest_framework/locale/pt_BR/LC_MESSAGES/django.po b/rest_framework/locale/pt_BR/LC_MESSAGES/django.po index 40651552d..4d47ce3b9 100644 --- a/rest_framework/locale/pt_BR/LC_MESSAGES/django.po +++ b/rest_framework/locale/pt_BR/LC_MESSAGES/django.po @@ -9,6 +9,7 @@ # Filipe Rinaldi , 2015 # Hugo Leonardo Chalhoub Mendonça , 2015 # Jonatas Baldin , 2017 +# Gabriel Mitelman Tkacz , 2024 msgid "" msgstr "" "Project-Id-Version: Django REST framework\n" @@ -106,11 +107,11 @@ msgstr "Ocorreu um erro de servidor." #: exceptions.py:142 msgid "Invalid input." -msgstr "" +msgstr "Entrada inválida" #: exceptions.py:161 msgid "Malformed request." -msgstr "Pedido malformado." +msgstr "Requisição malformada." #: exceptions.py:167 msgid "Incorrect authentication credentials." @@ -149,12 +150,12 @@ msgstr "Pedido foi limitado." #: exceptions.py:224 #, python-brace-format msgid "Expected available in {wait} second." -msgstr "" +msgstr "Disponível em {wait} segundo." #: exceptions.py:225 #, python-brace-format msgid "Expected available in {wait} seconds." -msgstr "" +msgstr "Disponível em {wait} segundos." #: fields.py:316 relations.py:245 relations.py:279 validators.py:90 #: validators.py:183 @@ -167,15 +168,15 @@ msgstr "Este campo não pode ser nulo." #: fields.py:701 msgid "Must be a valid boolean." -msgstr "" +msgstr "Deve ser um valor booleano válido." #: fields.py:766 msgid "Not a valid string." -msgstr "" +msgstr "Não é uma string válida." #: fields.py:767 msgid "This field may not be blank." -msgstr "Este campo não pode ser em branco." +msgstr "Este campo não pode estar em branco." #: fields.py:768 fields.py:1881 #, python-brace-format @@ -205,7 +206,7 @@ msgstr "Entrar um \"slug\" válido que consista de letras, números, sublinhados msgid "" "Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, " "or hyphens." -msgstr "" +msgstr "Digite um \"slug\" válido que consista de letras Unicode, números, sublinhados ou hífens." #: fields.py:854 msgid "Enter a valid URL." @@ -213,7 +214,7 @@ msgstr "Entrar um URL válido." #: fields.py:867 msgid "Must be a valid UUID." -msgstr "" +msgstr "Deve ser um UUID válido." #: fields.py:903 msgid "Enter a valid IPv4 or IPv6 address." @@ -271,11 +272,11 @@ msgstr "Necessário uma data e hora mas recebeu uma data." #: fields.py:1150 #, python-brace-format msgid "Invalid datetime for the timezone \"{timezone}\"." -msgstr "" +msgstr "Data e hora inválidas para o fuso horário \"{timezone}\"." #: fields.py:1151 msgid "Datetime value out of range." -msgstr "" +msgstr "Valor de data e hora fora do intervalo." #: fields.py:1236 #, python-brace-format @@ -299,7 +300,7 @@ msgstr "Formato inválido para Duração. Use um dos formatos a seguir: {format} #: fields.py:1399 fields.py:1456 #, python-brace-format msgid "\"{input}\" is not a valid choice." -msgstr "\"{input}\" não é um escolha válido." +msgstr "\"{input}\" não é um escolha válida." #: fields.py:1402 #, python-brace-format @@ -309,7 +310,7 @@ msgstr "Mais de {count} itens..." #: fields.py:1457 fields.py:1603 relations.py:485 serializers.py:570 #, python-brace-format msgid "Expected a list of items but got type \"{input_type}\"." -msgstr "Necessário uma lista de itens, mas recebeu tipo \"{input_type}\"." +msgstr "Esperava uma lista de itens, mas recebeu tipo \"{input_type}\"." #: fields.py:1458 msgid "This selection may not be empty." @@ -356,21 +357,21 @@ msgstr "Esta lista não pode estar vazia." #: fields.py:1605 #, python-brace-format msgid "Ensure this field has at least {min_length} elements." -msgstr "" +msgstr "Certifique-se de que este campo tenha pelo menos {min_length} elementos." #: fields.py:1606 #, python-brace-format msgid "Ensure this field has no more than {max_length} elements." -msgstr "" +msgstr "Certifique-se de que este campo não tenha mais que {max_length} elementos." #: fields.py:1682 #, python-brace-format msgid "Expected a dictionary of items but got type \"{input_type}\"." -msgstr "Esperado um dicionário de itens mas recebeu tipo \"{input_type}\"." +msgstr "Esperava um dicionário de itens mas recebeu tipo \"{input_type}\"." #: fields.py:1683 msgid "This dictionary may not be empty." -msgstr "" +msgstr "Este dicionário não pode estar vazio." #: fields.py:1755 msgid "Value must be valid JSON." @@ -382,7 +383,7 @@ msgstr "Buscar" #: filters.py:50 msgid "A search term." -msgstr "" +msgstr "Um termo de busca." #: filters.py:180 templates/rest_framework/filters/ordering.html:3 msgid "Ordering" @@ -390,7 +391,7 @@ msgstr "Ordenando" #: filters.py:181 msgid "Which field to use when ordering the results." -msgstr "" +msgstr "Qual campo usar ao ordenar os resultados." #: filters.py:287 msgid "ascending" @@ -402,11 +403,11 @@ msgstr "descendente" #: pagination.py:174 msgid "A page number within the paginated result set." -msgstr "" +msgstr "Um número de página dentro do conjunto de resultados paginado." #: pagination.py:179 pagination.py:372 pagination.py:590 msgid "Number of results to return per page." -msgstr "" +msgstr "Número de resultados a serem retornados por página." #: pagination.py:189 msgid "Invalid page." @@ -414,11 +415,11 @@ msgstr "Página inválida." #: pagination.py:374 msgid "The initial index from which to return the results." -msgstr "" +msgstr "O índice inicial a partir do qual retornar os resultados." #: pagination.py:581 msgid "The pagination cursor value." -msgstr "" +msgstr "O valor do cursor de paginação." #: pagination.py:583 msgid "Invalid cursor" @@ -432,7 +433,7 @@ msgstr "Pk inválido \"{pk_value}\" - objeto não existe." #: relations.py:247 #, python-brace-format msgid "Incorrect type. Expected pk value, received {data_type}." -msgstr "Tipo incorreto. Esperado valor pk, recebeu {data_type}." +msgstr "Tipo incorreto. Esperava valor pk, recebeu {data_type}." #: relations.py:280 msgid "Invalid hyperlink - No URL match." @@ -462,20 +463,20 @@ msgstr "Valor inválido." #: schemas/utils.py:32 msgid "unique integer value" -msgstr "" +msgstr "valor inteiro único" #: schemas/utils.py:34 msgid "UUID string" -msgstr "" +msgstr "string UUID" #: schemas/utils.py:36 msgid "unique value" -msgstr "" +msgstr "valor único" #: schemas/utils.py:38 #, python-brace-format msgid "A {value_type} identifying this {name}." -msgstr "" +msgstr "Um {value_type} que identifica este {name}." #: serializers.py:337 #, python-brace-format @@ -485,7 +486,7 @@ msgstr "Dado inválido. Necessário um dicionário mas recebeu {datatype}." #: templates/rest_framework/admin.html:116 #: templates/rest_framework/base.html:136 msgid "Extra Actions" -msgstr "" +msgstr "Ações Extras" #: templates/rest_framework/admin.html:130 #: templates/rest_framework/base.html:150 @@ -540,7 +541,7 @@ msgstr "Os campos {field_names} devem criar um set único." #: validators.py:171 #, python-brace-format msgid "Surrogate characters are not allowed: U+{code_point:X}." -msgstr "" +msgstr "Caracteres substitutos não são permitidos: U+{code_point:X}." #: validators.py:243 #, python-brace-format diff --git a/rest_framework/locale/zh_CN/LC_MESSAGES/django.po b/rest_framework/locale/zh_CN/LC_MESSAGES/django.po index 7e131db42..719df05a1 100644 --- a/rest_framework/locale/zh_CN/LC_MESSAGES/django.po +++ b/rest_framework/locale/zh_CN/LC_MESSAGES/django.po @@ -353,12 +353,12 @@ msgstr "列表字段不能为空值。" #: fields.py:1605 #, python-brace-format msgid "Ensure this field has at least {min_length} elements." -msgstr "" +msgstr "请确保这个字段至少包含 {min_length} 个元素。" #: fields.py:1606 #, python-brace-format msgid "Ensure this field has no more than {max_length} elements." -msgstr "" +msgstr "请确保这个字段不能超过 {max_length} 个元素。" #: fields.py:1682 #, python-brace-format @@ -367,7 +367,7 @@ msgstr "期望是包含类目的字典,得到类型为 “{input_type}”。" #: fields.py:1683 msgid "This dictionary may not be empty." -msgstr "" +msgstr "这个字典可能不是空的。" #: fields.py:1755 msgid "Value must be valid JSON." diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py index ea73c6657..b81f9ab46 100644 --- a/rest_framework/renderers.py +++ b/rest_framework/renderers.py @@ -171,6 +171,10 @@ class TemplateHTMLRenderer(BaseRenderer): def get_template_context(self, data, renderer_context): response = renderer_context['response'] + # in case a ValidationError is caught the data parameter may be a list + # see rest_framework.views.exception_handler + if isinstance(data, list): + return {'details': data, 'status_code': response.status_code} if response.exception: data['status_code'] = response.status_code return data diff --git a/rest_framework/request.py b/rest_framework/request.py index b29e64d16..1527e435b 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -217,7 +217,8 @@ class Request: @property def data(self): if not _hasattr(self, '_full_data'): - self._load_data_and_files() + with wrap_attributeerrors(): + self._load_data_and_files() return self._full_data @property @@ -420,13 +421,14 @@ class Request: _request = self.__getattribute__("_request") return getattr(_request, attr) except AttributeError: - return self.__getattribute__(attr) + raise AttributeError(f"'{self.__class__.__name__}' object has no attribute '{attr}'") @property def POST(self): # Ensure that request.POST uses our request parsing. if not _hasattr(self, '_data'): - self._load_data_and_files() + with wrap_attributeerrors(): + self._load_data_and_files() if is_form_media_type(self.content_type): return self._data return QueryDict('', encoding=self._request._encoding) @@ -437,7 +439,8 @@ class Request: # Different from the other two cases, which are not valid property # names on the WSGIRequest class. if not _hasattr(self, '_files'): - self._load_data_and_files() + with wrap_attributeerrors(): + self._load_data_and_files() return self._files def force_plaintext_errors(self, value): diff --git a/rest_framework/schemas/inspectors.py b/rest_framework/schemas/inspectors.py index cb880e79d..e027b46a7 100644 --- a/rest_framework/schemas/inspectors.py +++ b/rest_framework/schemas/inspectors.py @@ -79,8 +79,9 @@ class ViewInspector: view = self.view method_name = getattr(view, 'action', method.lower()) - method_docstring = getattr(view, method_name, None).__doc__ - if method_docstring: + method_func = getattr(view, method_name, None) + method_docstring = method_func.__doc__ + if method_func and method_docstring: # An explicit docstring on the method or action. return self._get_description_section(view, method.lower(), formatting.dedent(smart_str(method_docstring))) else: diff --git a/rest_framework/schemas/openapi.py b/rest_framework/schemas/openapi.py index f35106fe5..019eeb33e 100644 --- a/rest_framework/schemas/openapi.py +++ b/rest_framework/schemas/openapi.py @@ -11,9 +11,7 @@ from django.core.validators import ( from django.db import models from django.utils.encoding import force_str -from rest_framework import ( - RemovedInDRF316Warning, exceptions, renderers, serializers -) +from rest_framework import exceptions, renderers, serializers from rest_framework.compat import inflection, uritemplate from rest_framework.fields import _UnvalidatedField, empty from rest_framework.settings import api_settings @@ -721,11 +719,3 @@ class AutoSchema(ViewInspector): path = path[1:] return [path.split('/')[0].replace('_', '-')] - - def _get_reference(self, serializer): - warnings.warn( - "Method `_get_reference()` has been renamed to `get_reference()`. " - "The old name will be removed in DRF v3.16.", - RemovedInDRF316Warning, stacklevel=2 - ) - return self.get_reference(serializer) diff --git a/rest_framework/serializers.py b/rest_framework/serializers.py index b1b7b6477..f37bd3a3d 100644 --- a/rest_framework/serializers.py +++ b/rest_framework/serializers.py @@ -1490,6 +1490,8 @@ class ModelSerializer(Serializer): default = timezone.now elif unique_constraint_field.has_default(): default = unique_constraint_field.default + elif unique_constraint_field.null: + default = None else: default = empty diff --git a/rest_framework/test.py b/rest_framework/test.py index e939adcd7..c273724b9 100644 --- a/rest_framework/test.py +++ b/rest_framework/test.py @@ -150,15 +150,19 @@ class APIRequestFactory(DjangoRequestFactory): """ Encode the data returning a two tuple of (bytes, content_type) """ - if data is None: - return ('', content_type) + return (b'', content_type) assert format is None or content_type is None, ( 'You may not set both `format` and `content_type`.' ) if content_type: + try: + data = self._encode_json(data, content_type) + except AttributeError: + pass + # Content type specified explicitly, treat data as a raw bytestring ret = force_bytes(data, settings.DEFAULT_CHARSET) diff --git a/rest_framework/urlpatterns.py b/rest_framework/urlpatterns.py index bed5708eb..47a8194cf 100644 --- a/rest_framework/urlpatterns.py +++ b/rest_framework/urlpatterns.py @@ -1,10 +1,11 @@ from django.urls import URLResolver, include, path, re_path, register_converter +from django.urls.converters import get_converters from django.urls.resolvers import RoutePattern from rest_framework.settings import api_settings -def _get_format_path_converter(suffix_kwarg, allowed): +def _get_format_path_converter(allowed): if allowed: if len(allowed) == 1: allowed_pattern = allowed[0] @@ -23,11 +24,14 @@ def _get_format_path_converter(suffix_kwarg, allowed): def to_url(self, value): return '.' + value + '/' + return FormatSuffixConverter + + +def _generate_converter_name(allowed): converter_name = 'drf_format_suffix' if allowed: converter_name += '_' + '_'.join(allowed) - - return converter_name, FormatSuffixConverter + return converter_name def apply_suffix_patterns(urlpatterns, suffix_pattern, suffix_required, suffix_route=None): @@ -104,8 +108,10 @@ def format_suffix_patterns(urlpatterns, suffix_required=False, allowed=None): else: suffix_pattern = r'\.(?P<%s>[a-z0-9]+)/?$' % suffix_kwarg - converter_name, suffix_converter = _get_format_path_converter(suffix_kwarg, allowed) - register_converter(suffix_converter, converter_name) + converter_name = _generate_converter_name(allowed) + if converter_name not in get_converters(): + suffix_converter = _get_format_path_converter(allowed) + register_converter(suffix_converter, converter_name) suffix_route = '<%s:%s>' % (converter_name, suffix_kwarg) diff --git a/rest_framework/validators.py b/rest_framework/validators.py index 3f09c15cd..71ebc2ca9 100644 --- a/rest_framework/validators.py +++ b/rest_framework/validators.py @@ -159,17 +159,18 @@ class UniqueTogetherValidator: queryset = self.filter_queryset(attrs, queryset, serializer) queryset = self.exclude_current_instance(attrs, queryset, serializer.instance) + checked_names = [ + serializer.fields[field_name].source for field_name in self.fields + ] # Ignore validation if any field is None if serializer.instance is None: - checked_values = [ - value for field, value in attrs.items() if field in self.fields - ] + checked_values = [attrs[field_name] for field_name in checked_names] else: # Ignore validation if all field values are unchanged checked_values = [ - value - for field, value in attrs.items() - if field in self.fields and value != getattr(serializer.instance, field) + attrs[field_name] + for field_name in checked_names + if attrs[field_name] != getattr(serializer.instance, field_name) ] if checked_values and None not in checked_values and qs_exists(queryset): diff --git a/rest_framework/views.py b/rest_framework/views.py index 411c1ee38..327ebe903 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -1,6 +1,7 @@ """ Provides an APIView class that is the base of all views in REST framework. """ +from django import VERSION as DJANGO_VERSION from django.conf import settings from django.core.exceptions import PermissionDenied from django.db import connections, models @@ -139,6 +140,11 @@ class APIView(View): view.cls = cls view.initkwargs = initkwargs + # Exempt all DRF views from Django's LoginRequiredMiddleware. Users should set + # DEFAULT_PERMISSION_CLASSES to 'rest_framework.permissions.IsAuthenticated' instead + if DJANGO_VERSION >= (5, 1): + view.login_required = False + # Note: session based authentication is explicitly CSRF validated, # all other authentication is CSRF exempt. return csrf_exempt(view) diff --git a/rest_framework/viewsets.py b/rest_framework/viewsets.py index 2eba17b4a..a9c90a8d9 100644 --- a/rest_framework/viewsets.py +++ b/rest_framework/viewsets.py @@ -19,6 +19,7 @@ automatically. from functools import update_wrapper from inspect import getmembers +from django import VERSION as DJANGO_VERSION from django.urls import NoReverseMatch from django.utils.decorators import classonlymethod from django.views.decorators.csrf import csrf_exempt @@ -136,6 +137,12 @@ class ViewSetMixin: view.cls = cls view.initkwargs = initkwargs view.actions = actions + + # Exempt from Django's LoginRequiredMiddleware. Users should set + # DEFAULT_PERMISSION_CLASSES to 'rest_framework.permissions.IsAuthenticated' instead + if DJANGO_VERSION >= (5, 1): + view.login_required = False + return csrf_exempt(view) def initialize_request(self, request, *args, **kwargs): diff --git a/setup.py b/setup.py index 568909bbc..67904ec61 100755 --- a/setup.py +++ b/setup.py @@ -91,6 +91,7 @@ setup( 'Framework :: Django', 'Framework :: Django :: 4.2', 'Framework :: Django :: 5.0', + 'Framework :: Django :: 5.1', 'Intended Audience :: Developers', 'License :: OSI Approved :: BSD License', 'Operating System :: OS Independent', @@ -101,6 +102,7 @@ setup( 'Programming Language :: Python :: 3.10', 'Programming Language :: Python :: 3.11', 'Programming Language :: Python :: 3.12', + 'Programming Language :: Python :: 3.13', 'Programming Language :: Python :: 3 :: Only', 'Topic :: Internet :: WWW/HTTP', ], diff --git a/tests/test_fields.py b/tests/test_fields.py index 430681763..1403a6a35 100644 --- a/tests/test_fields.py +++ b/tests/test_fields.py @@ -1245,13 +1245,13 @@ class TestMinMaxDecimalField(FieldValues): '20.0': Decimal('20.0'), } invalid_inputs = { - '9.9': ['Ensure this value is greater than or equal to 10.'], - '20.1': ['Ensure this value is less than or equal to 20.'], + '9.9': ['Ensure this value is greater than or equal to 10.0.'], + '20.1': ['Ensure this value is less than or equal to 20.0.'], } outputs = {} field = serializers.DecimalField( max_digits=3, decimal_places=1, - min_value=10, max_value=20 + min_value=10.0, max_value=20.0 ) def test_warning_when_not_decimal_types(self, caplog): @@ -1260,14 +1260,14 @@ class TestMinMaxDecimalField(FieldValues): serializers.DecimalField( max_digits=3, decimal_places=1, - min_value=10, max_value=20 + min_value=10.0, max_value=20.0 ) assert len(w) == 2 assert all(issubclass(i.category, UserWarning) for i in w) - assert 'max_value should be a Decimal instance' in str(w[0].message) - assert 'min_value should be a Decimal instance' in str(w[1].message) + assert 'max_value should be an integer or Decimal instance' in str(w[0].message) + assert 'min_value should be an integer or Decimal instance' in str(w[1].message) class TestAllowEmptyStrDecimalFieldWithValidators(FieldValues): diff --git a/tests/test_htmlrenderer.py b/tests/test_htmlrenderer.py index fa0f4efc6..aa0cfb19c 100644 --- a/tests/test_htmlrenderer.py +++ b/tests/test_htmlrenderer.py @@ -8,6 +8,7 @@ from django.urls import path from rest_framework import status from rest_framework.decorators import api_view, renderer_classes +from rest_framework.exceptions import ValidationError from rest_framework.renderers import TemplateHTMLRenderer from rest_framework.response import Response @@ -34,10 +35,17 @@ def not_found(request): raise Http404() +@api_view(('GET',)) +@renderer_classes((TemplateHTMLRenderer,)) +def validation_error(request): + raise ValidationError('error') + + urlpatterns = [ path('', example), path('permission_denied', permission_denied), path('not_found', not_found), + path('validation_error', validation_error), ] @@ -91,6 +99,12 @@ class TemplateHTMLRendererTests(TestCase): self.assertEqual(response.content, b"403 Forbidden") self.assertEqual(response['Content-Type'], 'text/html; charset=utf-8') + def test_validation_error_html_view(self): + response = self.client.get('/validation_error') + self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) + self.assertEqual(response.content, b"400 Bad Request") + self.assertEqual(response['Content-Type'], 'text/html; charset=utf-8') + # 2 tests below are based on order of if statements in corresponding method # of TemplateHTMLRenderer def test_get_template_names_returns_own_template_name(self): diff --git a/tests/test_middleware.py b/tests/test_middleware.py index 6b2c91db7..11d4bc01e 100644 --- a/tests/test_middleware.py +++ b/tests/test_middleware.py @@ -1,14 +1,21 @@ +import unittest + +import django from django.contrib.auth.models import User from django.http import HttpRequest from django.test import override_settings -from django.urls import path +from django.urls import include, path +from rest_framework import status from rest_framework.authentication import TokenAuthentication from rest_framework.authtoken.models import Token +from rest_framework.decorators import action, api_view from rest_framework.request import is_form_media_type from rest_framework.response import Response +from rest_framework.routers import SimpleRouter from rest_framework.test import APITestCase from rest_framework.views import APIView +from rest_framework.viewsets import GenericViewSet class PostView(APIView): @@ -16,9 +23,39 @@ class PostView(APIView): return Response(data=request.data, status=200) +class GetAPIView(APIView): + def get(self, request): + return Response(data="OK", status=200) + + +@api_view(['GET']) +def get_func_view(request): + return Response(data="OK", status=200) + + +class ListViewSet(GenericViewSet): + + def list(self, request, *args, **kwargs): + response = Response() + response.view = self + return response + + @action(detail=False, url_path='list-action') + def list_action(self, request, *args, **kwargs): + response = Response() + response.view = self + return response + + +router = SimpleRouter() +router.register(r'view-set', ListViewSet, basename='view_set') + urlpatterns = [ path('auth', APIView.as_view(authentication_classes=(TokenAuthentication,))), path('post', PostView.as_view()), + path('get', GetAPIView.as_view()), + path('get-func', get_func_view), + path('api/', include(router.urls)), ] @@ -74,3 +111,38 @@ class TestMiddleware(APITestCase): response = self.client.post('/post', {'foo': 'bar'}, format='json') assert response.status_code == 200 + + +@unittest.skipUnless(django.VERSION >= (5, 1), 'Only for Django 5.1+') +@override_settings( + ROOT_URLCONF='tests.test_middleware', + MIDDLEWARE=( + # Needed for AuthenticationMiddleware + 'django.contrib.sessions.middleware.SessionMiddleware', + # Needed for LoginRequiredMiddleware + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.LoginRequiredMiddleware', + ), +) +class TestLoginRequiredMiddlewareCompat(APITestCase): + """ + Django's 5.1+ LoginRequiredMiddleware should NOT apply to DRF views. + + Instead, users should put IsAuthenticated in their + DEFAULT_PERMISSION_CLASSES setting. + """ + def test_class_based_view(self): + response = self.client.get('/get') + assert response.status_code == status.HTTP_200_OK + + def test_function_based_view(self): + response = self.client.get('/get-func') + assert response.status_code == status.HTTP_200_OK + + def test_viewset_list(self): + response = self.client.get('/api/view-set/') + assert response.status_code == status.HTTP_200_OK + + def test_viewset_list_action(self): + response = self.client.get('/api/view-set/list-action/') + assert response.status_code == status.HTTP_200_OK diff --git a/tests/test_prefetch_related.py b/tests/test_prefetch_related.py index b07087c97..12ecbf2e6 100644 --- a/tests/test_prefetch_related.py +++ b/tests/test_prefetch_related.py @@ -56,3 +56,17 @@ class TestPrefetchRelatedUpdates(TestCase): 'email': 'tom@example.com' } assert response.data == expected + + def test_can_update_without_queryset_on_class_view(self): + class UserUpdateWithoutQuerySet(generics.UpdateAPIView): + serializer_class = UserSerializer + + def get_object(self): + return User.objects.get(pk=self.kwargs['pk']) + + request = factory.patch('/', {'username': 'new'}) + response = UserUpdateWithoutQuerySet.as_view()(request, pk=self.user.pk) + assert response.data['id'] == self.user.id + assert response.data['username'] == 'new' + self.user.refresh_from_db() + assert self.user.username == 'new' diff --git a/tests/test_request.py b/tests/test_request.py index e37aa7dda..4263f2682 100644 --- a/tests/test_request.py +++ b/tests/test_request.py @@ -126,6 +126,25 @@ class TestContentParsing(TestCase): request.parsers = (PlainTextParser(), ) assert request.data == content + def test_calling_data_fails_when_attribute_error_is_raised(self): + """ + Ensure attribute errors raised when parsing are properly re-raised. + """ + expected_message = "Internal error" + + class BrokenParser: + media_type = "application/json" + + def parse(self, *args, **kwargs): + raise AttributeError(expected_message) + + http_request = factory.post('/', data={}, format="json") + request = Request(http_request) + request.parsers = (BrokenParser,) + + with self.assertRaisesMessage(WrappedAttributeError, expected_message): + request.data + class MockView(APIView): authentication_classes = (SessionAuthentication,) diff --git a/tests/test_testing.py b/tests/test_testing.py index a7e00ab63..26a6e8ffb 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -8,9 +8,11 @@ from django.shortcuts import redirect from django.test import TestCase, override_settings from django.urls import path -from rest_framework import fields, serializers +from rest_framework import fields, parsers, renderers, serializers, status from rest_framework.authtoken.models import Token -from rest_framework.decorators import api_view +from rest_framework.decorators import ( + api_view, parser_classes, renderer_classes +) from rest_framework.response import Response from rest_framework.test import ( APIClient, APIRequestFactory, URLPatternsTestCase, force_authenticate @@ -50,6 +52,18 @@ class BasicSerializer(serializers.Serializer): flag = fields.BooleanField(default=lambda: True) +@api_view(['POST']) +@parser_classes((parsers.JSONParser,)) +def post_json_view(request): + return Response(request.data) + + +@api_view(['DELETE']) +@renderer_classes((renderers.JSONRenderer, )) +def delete_json_view(request): + return Response(status=status.HTTP_204_NO_CONTENT) + + @api_view(['POST']) def post_view(request): serializer = BasicSerializer(data=request.data) @@ -62,7 +76,9 @@ urlpatterns = [ path('session-view/', session_view), path('redirect-view/', redirect_view), path('redirect-view//', redirect_307_308_view), - path('post-view/', post_view) + path('post-json-view/', post_json_view), + path('delete-json-view/', delete_json_view), + path('post-view/', post_view), ] @@ -236,6 +252,22 @@ class TestAPITestClient(TestCase): assert response.status_code == 200 assert response.data == {"flag": True} + def test_post_encodes_data_based_on_json_content_type(self): + data = {'data': True} + response = self.client.post( + '/post-json-view/', + data=data, + content_type='application/json' + ) + + assert response.status_code == 200 + assert response.data == data + + def test_delete_based_on_format(self): + response = self.client.delete('/delete-json-view/', format='json') + assert response.status_code == status.HTTP_204_NO_CONTENT + assert response.data is None + class TestAPIRequestFactory(TestCase): def test_csrf_exempt_by_default(self): diff --git a/tests/test_validators.py b/tests/test_validators.py index c38dc1134..9c1a0eac3 100644 --- a/tests/test_validators.py +++ b/tests/test_validators.py @@ -441,6 +441,14 @@ class TestUniquenessTogetherValidation(TestCase): serializer = NullUniquenessTogetherSerializer(data=data) assert serializer.is_valid() + def test_ignore_validation_for_missing_nullable_fields(self): + data = { + 'date': datetime.date(2000, 1, 1), + 'race_name': 'Paris Marathon', + } + serializer = NullUniquenessTogetherSerializer(data=data) + assert serializer.is_valid(), serializer.errors + def test_do_not_ignore_validation_for_null_fields(self): # None values that are not on fields part of the uniqueness constraint # do not cause the instance to skip validation. @@ -469,6 +477,28 @@ class TestUniquenessTogetherValidation(TestCase): assert serializer.is_valid() assert not mock.called + @patch("rest_framework.validators.qs_exists") + def test_unique_together_with_source(self, mock_qs_exists): + class UniqueTogetherWithSourceSerializer(serializers.ModelSerializer): + name = serializers.CharField(source="race_name") + pos = serializers.IntegerField(source="position") + + class Meta: + model = UniquenessTogetherModel + fields = ["name", "pos"] + + data = {"name": "Paris Marathon", "pos": 1} + instance = UniquenessTogetherModel.objects.create( + race_name="Paris Marathon", position=1 + ) + serializer = UniqueTogetherWithSourceSerializer(data=data) + assert not serializer.is_valid() + assert mock_qs_exists.called + mock_qs_exists.reset_mock() + serializer = UniqueTogetherWithSourceSerializer(data=data, instance=instance) + assert serializer.is_valid() + assert not mock_qs_exists.called + def test_filter_queryset_do_not_skip_existing_attribute(self): """ filter_queryset should add value from existing instance attribute @@ -517,12 +547,30 @@ class UniqueConstraintModel(models.Model): ] +class UniqueConstraintNullableModel(models.Model): + title = models.CharField(max_length=100) + age = models.IntegerField(null=True) + tag = models.CharField(max_length=100, null=True) + + class Meta: + constraints = [ + # Unique constraint on 2 nullable fields + models.UniqueConstraint(name='unique_constraint', fields=('age', 'tag')) + ] + + class UniqueConstraintSerializer(serializers.ModelSerializer): class Meta: model = UniqueConstraintModel fields = '__all__' +class UniqueConstraintNullableSerializer(serializers.ModelSerializer): + class Meta: + model = UniqueConstraintNullableModel + fields = ('title', 'age', 'tag') + + class TestUniqueConstraintValidation(TestCase): def setUp(self): self.instance = UniqueConstraintModel.objects.create( @@ -589,6 +637,12 @@ class TestUniqueConstraintValidation(TestCase): ids_in_qs = {frozenset(v.queryset.values_list(flat=True)) for v in validators if hasattr(v, "queryset")} assert ids_in_qs == {frozenset([1]), frozenset([3])} + def test_nullable_unique_constraint_fields_are_not_required(self): + serializer = UniqueConstraintNullableSerializer(data={'title': 'Bob'}) + self.assertTrue(serializer.is_valid(), serializer.errors) + result = serializer.save() + self.assertIsInstance(result, UniqueConstraintNullableModel) + # Tests for `UniqueForDateValidator` # ---------------------------------- diff --git a/tests/test_views.py b/tests/test_views.py index 2648c9fb3..11f24906e 100644 --- a/tests/test_views.py +++ b/tests/test_views.py @@ -1,5 +1,7 @@ import copy +import unittest +from django import VERSION as DJANGO_VERSION from django.test import TestCase from rest_framework import status @@ -136,3 +138,13 @@ class TestCustomSettings(TestCase): response = self.view(request) assert response.status_code == 400 assert response.data == {'error': 'SyntaxError'} + + +@unittest.skipUnless(DJANGO_VERSION >= (5, 1), 'Only for Django 5.1+') +class TestLoginRequiredMiddlewareCompat(TestCase): + def test_class_based_view_opted_out(self): + class_based_view = BasicView.as_view() + assert class_based_view.login_required is False + + def test_function_based_view_opted_out(self): + assert basic_view.login_required is False diff --git a/tests/test_viewsets.py b/tests/test_viewsets.py index 8e439c86e..68b1207c3 100644 --- a/tests/test_viewsets.py +++ b/tests/test_viewsets.py @@ -1,6 +1,8 @@ +import unittest from functools import wraps import pytest +from django import VERSION as DJANGO_VERSION from django.db import models from django.test import TestCase, override_settings from django.urls import include, path @@ -196,6 +198,11 @@ class InitializeViewSetsTestCase(TestCase): assert get.view.action == 'list_action' assert head.view.action == 'list_action' + @unittest.skipUnless(DJANGO_VERSION >= (5, 1), 'Only for Django 5.1+') + def test_login_required_middleware_compat(self): + view = ActionViewSet.as_view(actions={'get': 'list'}) + assert view.login_required is False + class GetExtraActionsTests(TestCase): diff --git a/tox.ini b/tox.ini index 16cc3f8f4..49833fe68 100644 --- a/tox.ini +++ b/tox.ini @@ -1,9 +1,10 @@ [tox] envlist = {py38,py39}-{django42} - {py310}-{django42,django50,djangomain} - {py311}-{django42,django50,djangomain} - {py312}-{django42,django50,djangomain} + {py310}-{django42,django50,django51,djangomain} + {py311}-{django42,django50,django51,djangomain} + {py312}-{django42,django50,django51,djangomain} + {py313}-{django51,djangomain} base dist docs @@ -17,6 +18,7 @@ setenv = deps = django42: Django>=4.2,<5.0 django50: Django>=5.0,<5.1 + django51: Django>=5.1,<5.2 djangomain: https://github.com/django/django/archive/main.tar.gz -rrequirements/requirements-testing.txt -rrequirements/requirements-optionals.txt @@ -42,12 +44,6 @@ deps = -rrequirements/requirements-testing.txt -rrequirements/requirements-documentation.txt -[testenv:py38-djangomain] -ignore_outcome = true - -[testenv:py39-djangomain] -ignore_outcome = true - [testenv:py310-djangomain] ignore_outcome = true @@ -56,3 +52,6 @@ ignore_outcome = true [testenv:py312-djangomain] ignore_outcome = true + +[testenv:py313-djangomain] +ignore_outcome = true