Merge remote-tracking branch 'reference/2.4.0' into feature/pytest

Conflicts: rest_framework/runtests/urls.py tests/test_response.py tox.ini
2024-11-25 19:14:01 +03:00 · 2014-05-01 08:01:38 +02:00 · 2014-05-01 08:01:38 +02:00 · 7b4463f739
commit 7b4463f739
parent 2aca69a946 c9e6f31166
47 changed files with 551 additions and 1100 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -11,7 +11,6 @@ env:
  - DJANGO="django==1.6.3"
  - DJANGO="django==1.5.6"
  - DJANGO="django==1.4.11"
  - DJANGO="django==1.3.7"
 install:
  - pip install $DJANGO
@ -36,10 +35,5 @@ matrix:
      env: DJANGO="https://www.djangoproject.com/download/1.7b2/tarball/"
    - python: "3.2"
      env: DJANGO="django==1.4.11"
    - python: "3.2"
      env: DJANGO="django==1.3.7"
    - python: "3.3"
      env: DJANGO="django==1.4.11"
    - python: "3.3"
      env: DJANGO="django==1.3.7"
--- a/docs/api-guide/fields.md
+++ b/docs/api-guide/fields.md
@ -164,11 +164,12 @@ Corresponds to `django.db.models.fields.BooleanField`.
 ## CharField
 A text representation, optionally validates the text to be shorter than `max_length` and longer than `min_length`.
 If `allow_none` is `False` (default), `None` values will be converted to an empty string.
 Corresponds to `django.db.models.fields.CharField`
 or `django.db.models.fields.TextField`.
-**Signature:** `CharField(max_length=None, min_length=None)`
+**Signature:** `CharField(max_length=None, min_length=None, allow_none=False)`
 ## URLField
--- a/docs/api-guide/routers.md
+++ b/docs/api-guide/routers.md
@ -51,36 +51,41 @@ This means you'll need to explicitly set the `base_name` argument when registeri
 ### Extra link and actions
-Any methods on the viewset decorated with `@link` or `@action` will also be routed.
+Any methods on the viewset decorated with `@detail_route` or `@list_route` will also be routed.
 For example, given a method like this on the `UserViewSet` class:
-	from myapp.permissions import IsAdminOrIsSelf
+    from myapp.permissions import IsAdminOrIsSelf
-    from rest_framework.decorators import action
+    from rest_framework.decorators import detail_route
-
+    
-    @action(permission_classes=[IsAdminOrIsSelf])
+    class UserViewSet(ModelViewSet):
    def set_password(self, request, pk=None):
        ...
        @detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
        def set_password(self, request, pk=None):
            ...
 The following URL pattern would additionally be generated:
 * URL pattern: `^users/{pk}/set_password/$`  Name: `'user-set-password'`
 For more information see the viewset documentation on [marking extra actions for routing][route-decorators].
 # API Guide
 ## SimpleRouter
-This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions.  The viewset can also mark additional methods to be routed, using the `@link` or `@action` decorators.
+This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions.  The viewset can also mark additional methods to be routed, using the `@detail_route` or `@list_route` decorators.
 <table border=1>
    <tr><th>URL Style</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
    <tr><td rowspan=2>{prefix}/</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
    <tr><td>POST</td><td>create</td></tr>
    <tr><td>{prefix}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
    <tr><td rowspan=4>{prefix}/{lookup}/</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
    <tr><td>PUT</td><td>update</td></tr>
    <tr><td>PATCH</td><td>partial_update</td></tr>
    <tr><td>DELETE</td><td>destroy</td></tr>
-    <tr><td rowspan=2>{prefix}/{lookup}/{methodname}/</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
+    <tr><td>{prefix}/{lookup}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
    <tr><td>POST</td><td>@action decorated method</td></tr>
 </table>
 By default the URLs created by `SimpleRouter` are appended with a trailing slash.
@ -90,6 +95,12 @@ This behavior can be modified by setting the `trailing_slash` argument to `False
 Trailing slashes are conventional in Django, but are not used by default in some other frameworks such as Rails.  Which style you choose to use is largely a matter of preference, although some javascript frameworks may expect a particular routing style.
 The router will match lookup values containing any characters except slashes and period characters.  For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset.  For example, you can limit the lookup to valid UUIDs:
    class MyModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet):
        lookup_field = 'my_model_id'
        lookup_value_regex = '[0-9a-f]{32}'
 ## DefaultRouter
 This router is similar to `SimpleRouter` as above, but additionally includes a default API root view, that returns a response containing hyperlinks to all the list views.  It also generates routes for optional `.json` style format suffixes.
@ -99,12 +110,12 @@ This router is similar to `SimpleRouter` as above, but additionally includes a d
    <tr><td>[.format]</td><td>GET</td><td>automatically generated root view</td><td>api-root</td></tr></tr>
    <tr><td rowspan=2>{prefix}/[.format]</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
    <tr><td>POST</td><td>create</td></tr>
    <tr><td>{prefix}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
    <tr><td rowspan=4>{prefix}/{lookup}/[.format]</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
    <tr><td>PUT</td><td>update</td></tr>
    <tr><td>PATCH</td><td>partial_update</td></tr>
    <tr><td>DELETE</td><td>destroy</td></tr>
-    <tr><td rowspan=2>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
+    <tr><td>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
    <tr><td>POST</td><td>@action decorated method</td></tr>
 </table>
 As with `SimpleRouter` the trailing slashes on the URL routes can be removed by setting the `trailing_slash` argument to `False` when instantiating the router.
@ -133,28 +144,87 @@ The arguments to the `Route` named tuple are:
 **initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view.  Note that the `suffix` argument is reserved for identifying the viewset type, used when generating the view name and breadcrumb links.
 ## Customizing dynamic routes
 You can also customize how the `@list_route` and `@detail_route` decorators are routed.
 To route either or both of these decorators, include a `DynamicListRoute` and/or `DynamicDetailRoute` named tuple in the `.routes` list.
 The arguments to `DynamicListRoute` and `DynamicDetailRoute` are:
 **url**: A string representing the URL to be routed. May include the same format strings as `Route`, and additionally accepts the `{methodname}` and `{methodnamehyphen}` format strings.
 **name**: The name of the URL as used in `reverse` calls. May include the following format strings: `{basename}`, `{methodname}` and `{methodnamehyphen}`.
 **initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view.
 ## Example
 The following example will only route to the `list` and `retrieve` actions, and does not use the trailing slash convention.
-    from rest_framework.routers import Route, SimpleRouter
+    from rest_framework.routers import Route, DynamicDetailRoute, SimpleRouter
-    class ReadOnlyRouter(SimpleRouter):
+    class CustomReadOnlyRouter(SimpleRouter):
        """
        A router for read-only APIs, which doesn't use trailing slashes.
        """
        routes = [
-            Route(url=r'^{prefix}$',
+            Route(
-                  mapping={'get': 'list'},
+            	url=r'^{prefix}$',
-                  name='{basename}-list',
+            	mapping={'get': 'list'},
-                  initkwargs={'suffix': 'List'}),
+            	name='{basename}-list',
-            Route(url=r'^{prefix}/{lookup}$',
+            	initkwargs={'suffix': 'List'}
-                  mapping={'get': 'retrieve'},
+            ),
-                  name='{basename}-detail',
+            Route(
-                  initkwargs={'suffix': 'Detail'})
+            	url=r'^{prefix}/{lookup}$',
               mapping={'get': 'retrieve'},
               name='{basename}-detail',
               initkwargs={'suffix': 'Detail'}
            ),
            DynamicDetailRoute(
            	url=r'^{prefix}/{lookup}/{methodnamehyphen}$',
            	name='{basename}-{methodnamehyphen}',
            	initkwargs={}
        	)
        ]
-The `SimpleRouter` class provides another example of setting the `.routes` attribute.
+Let's take a look at the routes our `CustomReadOnlyRouter` would generate for a simple viewset.
 `views.py`:
    class UserViewSet(viewsets.ReadOnlyModelViewSet):
        """
        A viewset that provides the standard actions
        """
        queryset = User.objects.all()
        serializer_class = UserSerializer
        lookup_field = 'username'
        @detail_route()
        def group_names(self, request):
            """
            Returns a list of all the group names that the given
            user belongs to.
            """
            user = self.get_object()
            groups = user.groups.all()
            return Response([group.name for group in groups])
 `urls.py`:
    router = CustomReadOnlyRouter()
    router.register('users', UserViewSet)
 	urlpatterns = router.urls
 The following mappings would be generated...
 <table border=1>
    <tr><th>URL</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
    <tr><td>/users</td><td>GET</td><td>list</td><td>user-list</td></tr>
    <tr><td>/users/{username}</td><td>GET</td><td>retrieve</td><td>user-detail</td></tr>
    <tr><td>/users/{username}/group-names</td><td>GET</td><td>group_names</td><td>user-group-names</td></tr>
 </table>
 For another example of setting the `.routes` attribute, see the source code for the `SimpleRouter` class.
 ## Advanced custom routers
@ -180,6 +250,7 @@ The [wq.db package][wq.db] provides an advanced [Router][wq.db-router] class (an
    app.router.register_model(MyModel)
 [cite]: http://guides.rubyonrails.org/routing.html
 [route-decorators]: viewsets.html#marking-extra-actions-for-routing
 [drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
 [wq.db]: http://wq.io/wq.db
 [wq.db-router]: http://wq.io/docs/app.py
--- a/docs/api-guide/settings.md
+++ b/docs/api-guide/settings.md
@ -377,5 +377,11 @@ The name of a parameter in the URL conf that may be used to provide a format suf
 Default: `'format'`
 #### NUM_PROXIES
 An integer of 0 or more, that may be used to specify the number of application proxies that the API runs behind.  This allows throttling to more accurately identify client IP addresses.  If set to `None` then less strict IP matching will be used by the throttle classes.
 Default: `None`
 [cite]: http://www.python.org/dev/peps/pep-0020/
 [strftime]: http://docs.python.org/2/library/time.html#time.strftime
--- a/docs/api-guide/throttling.md
+++ b/docs/api-guide/throttling.md
@ -35,7 +35,7 @@ The default throttling policy may be set globally, using the `DEFAULT_THROTTLE_C
        'DEFAULT_THROTTLE_RATES': {
            'anon': '100/day',
            'user': '1000/day'
-        }        
+        }
    }
 The rate descriptions used in `DEFAULT_THROTTLE_RATES` may include `second`, `minute`, `hour` or `day` as the throttle period.
@ -66,6 +66,16 @@ Or, if you're using the `@api_view` decorator with function based views.
        }
        return Response(content)
 ## How clients are identified
 The `X-Forwarded-For` and `Remote-Addr` HTTP headers are used to uniquely identify client IP addresses for throttling.  If the `X-Forwarded-For` header is present then it will be used, otherwise the value of the `Remote-Addr` header will be used.
 If you need to strictly identify unique client IP addresses, you'll need to first configure the number of application proxies that the API runs behind by setting the `NUM_PROXIES` setting.  This setting should be an integer of zero or more.  If set to non-zero then the client IP will be identified as being the last IP address in the `X-Forwarded-For` header, once any application proxy IP addresses have first been excluded.  If set to zero, then the `Remote-Addr` header will always be used as the identifying IP address.
 It is important to understand that if you configure the `NUM_PROXIES` setting, then all clients behind a unique [NAT'd](http://en.wikipedia.org/wiki/Network_address_translation) gateway will be treated as a single client.
 Further context on how the `X-Forwarded-For` header works, and identifing a remote client IP can be [found here][identifing-clients].
 ## Setting up the cache
 The throttle classes provided by REST framework use Django's cache backend.  You should make sure that you've set appropriate [cache settings][cache-setting].  The default value of `LocMemCache` backend should be okay for simple setups.  See Django's [cache documentation][cache-docs] for more details.
@ -178,5 +188,6 @@ The following is an example of a rate throttle, that will randomly throttle 1 in
 [cite]: https://dev.twitter.com/docs/error-codes-responses
 [permissions]: permissions.md
 [identifing-clients]: http://oxpedia.org/wiki/index.php?title=AppSuite:Grizzly#Multiple_Proxies_in_front_of_the_cluster
 [cache-setting]: https://docs.djangoproject.com/en/dev/ref/settings/#caches
 [cache-docs]: https://docs.djangoproject.com/en/dev/topics/cache/#setting-up-the-cache
--- a/docs/api-guide/viewsets.md
+++ b/docs/api-guide/viewsets.md
@ -70,7 +70,7 @@ There are two main advantages of using a `ViewSet` class over using a `View` cla
 Both of these come with a trade-off.  Using regular views and URL confs is more explicit and gives you more control.  ViewSets are helpful if you want to get up and running quickly, or when you have a large API and you want to enforce a consistent URL configuration throughout.
-## Marking extra methods for routing
+## Marking extra actions for routing
 The default routers included with REST framework will provide routes for a standard set of create/retrieve/update/destroy style operations, as shown below:
@ -101,14 +101,16 @@ The default routers included with REST framework will provide routes for a stand
        def destroy(self, request, pk=None):
            pass
-If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@link` or `@action` decorators.  The `@link` decorator will route `GET` requests, and the `@action` decorator will route `POST` requests.
+If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@detail_route` or `@list_route` decorators.
 The `@detail_route` decorator contains `pk` in its URL pattern and is intended for methods which require a single instance. The `@list_route` decorator is intended for methods which operate on a list of objects.
 For example:
    from django.contrib.auth.models import User
    from rest_framework import viewsets
    from rest_framework import status
-    from rest_framework.decorators import action
+    from rest_framework import viewsets
    from rest_framework.decorators import detail_route, list_route
    from rest_framework.response import Response
    from myapp.serializers import UserSerializer, PasswordSerializer
@ -119,7 +121,7 @@ For example:
        queryset = User.objects.all()
        serializer_class = UserSerializer
-        @action()
+        @detail_route(methods=['post'])
        def set_password(self, request, pk=None):
            user = self.get_object()
            serializer = PasswordSerializer(data=request.DATA)
@ -131,21 +133,27 @@ For example:
                return Response(serializer.errors,
                                status=status.HTTP_400_BAD_REQUEST)
-The `@action` and `@link` decorators can additionally take extra arguments that will be set for the routed view only.  For example...
+        @list_route()
        def recent_users(self, request):
            recent_users = User.objects.all().order('-last_login')
            page = self.paginate_queryset(recent_users)
            serializer = self.get_pagination_serializer(page)
            return Response(serializer.data)
-        @action(permission_classes=[IsAdminOrIsSelf])
+The decorators can additionally take extra arguments that will be set for the routed view only.  For example...
        @detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
        def set_password(self, request, pk=None):
           ...
-The `@action` decorator will route `POST` requests by default, but may also accept other HTTP methods, by using the `method` argument.  For example:
+By default, the decorators will route `GET` requests, but may also accept other HTTP methods, by using the `methods` argument.  For example:
-        @action(methods=['POST', 'DELETE'])
+        @detail_route(methods=['post', 'delete'])
        def unset_password(self, request, pk=None):
           ...
 The two new actions will then be available at the urls `^users/{pk}/set_password/$` and `^users/{pk}/unset_password/$`
 ---
 # API Reference
--- a/docs/topics/2.4-accouncement.md
+++ b/docs/topics/2.4-accouncement.md
@ -0,0 +1,5 @@
 * Writable nested serializers.
 * List/detail routes.
 * 1.3 Support dropped, install six for <=1.4.?.
 * `allow_none` for char fields
 * `trailing_slash = True` --> `[^/]`, `trailing_slash = False` --> `[^/.]`, becomes simply `[^/]` and `lookup_value_regex` is added.
--- a/docs/topics/release-notes.md
+++ b/docs/topics/release-notes.md
@ -38,6 +38,17 @@ You can determine your currently installed version using `pip freeze`:
 ---
 ### 2.4.0
 * `@detail_route` and `@list_route` decorators replace `@action` and `@link`.
 * `six` no longer bundled.  For Django <= 1.4.1, install `six` package.
 * Support customizable view name and description functions, using the `VIEW_NAME_FUNCTION` and `VIEW_DESCRIPTION_FUNCTION` settings.
 * Added `NUM_PROXIES` setting for smarter client IP identification.
 * Added `MAX_PAGINATE_BY` setting and `max_paginate_by` generic view attribute.
 * Added `cache` attribute to throttles to allow overriding of default cache.
 * Bugfix: `?page_size=0` query parameter now falls back to default page size for view, instead of always turning pagination off.
 ## 2.3.x series
 ### 2.3.x
@ -60,6 +71,8 @@ You can determine your currently installed version using `pip freeze`:
 * Fix `Request`'s `QueryDict` encoding
 ### 2.3.13
 ## 2.3.x series
 **Date**: 6th March 2014
--- a/docs/tutorial/6-viewsets-and-routers.md
+++ b/docs/tutorial/6-viewsets-and-routers.md
@ -25,7 +25,7 @@ Here we've used `ReadOnlyModelViewSet` class to automatically provide the defaul
 Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighlight` view classes.  We can remove the three views, and again replace them with a single class.
-    from rest_framework.decorators import link
+    from rest_framework.decorators import detail_route
    class SnippetViewSet(viewsets.ModelViewSet):
        """
@ -39,7 +39,7 @@ Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighl
        permission_classes = (permissions.IsAuthenticatedOrReadOnly,
                              IsOwnerOrReadOnly,)
-        @link(renderer_classes=[renderers.StaticHTMLRenderer])
+        @detail_route(renderer_classes=[renderers.StaticHTMLRenderer])
        def highlight(self, request, *args, **kwargs):
            snippet = self.get_object()
            return Response(snippet.highlighted)
@ -49,9 +49,9 @@ Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighl
 This time we've used the `ModelViewSet` class in order to get the complete set of default read and write operations.
-Notice that we've also used the `@link` decorator to create a custom action, named `highlight`.  This decorator can be used to add any custom endpoints that don't fit into the standard `create`/`update`/`delete` style.
+Notice that we've also used the `@detail_route` decorator to create a custom action, named `highlight`.  This decorator can be used to add any custom endpoints that don't fit into the standard `create`/`update`/`delete` style.
-Custom actions which use the `@link` decorator will respond to `GET` requests.  We could have instead used the `@action` decorator if we wanted an action that responded to `POST` requests.
+Custom actions which use the `@detail_route` decorator will respond to `GET` requests.  We can use the `methods` argument if we wanted an action that responded to `POST` requests.
 ## Binding ViewSets to URLs explicitly
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@ -6,9 +6,9 @@ import base64
 from django.contrib.auth import authenticate
 from django.core.exceptions import ImproperlyConfigured
 from django.middleware.csrf import CsrfViewMiddleware
 from django.conf import settings
 from rest_framework import exceptions, HTTP_HEADER_ENCODING
 from rest_framework.compat import CsrfViewMiddleware
 from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
 from rest_framework.compat import oauth2_provider, provider_now, check_nonce
 from rest_framework.authtoken.models import Token
--- a/rest_framework/compat.py
+++ b/rest_framework/compat.py
@ -5,25 +5,19 @@ versions of django/python, and compatibility wrappers around optional packages.
 # flake8: noqa
 from __future__ import unicode_literals
 import django
 import inspect
 from django.core.exceptions import ImproperlyConfigured
 from django.conf import settings
-# Try to import six from Django, fallback to included `six`.
+
 # Try to import six from Django, fallback to external `six` package.
 try:
    from django.utils import six
 except ImportError:
-    from rest_framework import six
+    import six
-# location of patterns, url, include changes in 1.4 onwards
+# Handle django.utils.encoding rename in 1.5 onwards.
 try:
    from django.conf.urls import patterns, url, include
 except ImportError:
    from django.conf.urls.defaults import patterns, url, include
 # Handle django.utils.encoding rename:
 # smart_unicode -> smart_text
 # force_unicode -> force_text
 try:
@ -42,13 +36,15 @@ try:
 except ImportError:
    from django.http import HttpResponse as HttpResponseBase
 # django-filter is optional
 try:
    import django_filters
 except ImportError:
    django_filters = None
-# guardian is optional
+
 # django-guardian is optional
 try:
    import guardian
 except ImportError:
@ -104,46 +100,13 @@ def get_concrete_model(model_cls):
        return model_cls
 # View._allowed_methods only present from 1.5 onwards
 if django.VERSION >= (1, 5):
    from django.views.generic import View
 else:
-    from django.views.generic import View as _View
+    from django.views.generic import View as DjangoView
    from django.utils.decorators import classonlymethod
    from django.utils.functional import update_wrapper
-    class View(_View):
+    class View(DjangoView):
        # 1.3 does not include head method in base View class
        # See: https://code.djangoproject.com/ticket/15668
        @classonlymethod
        def as_view(cls, **initkwargs):
            """
            Main entry point for a request-response process.
            """
            # sanitize keyword arguments
            for key in initkwargs:
                if key in cls.http_method_names:
                    raise TypeError("You tried to pass in the %s method name as a "
                                    "keyword argument to %s(). Don't do that."
                                    % (key, cls.__name__))
                if not hasattr(cls, key):
                    raise TypeError("%s() received an invalid keyword %r" % (
                        cls.__name__, key))
            def view(request, *args, **kwargs):
                self = cls(**initkwargs)
                if hasattr(self, 'get') and not hasattr(self, 'head'):
                    self.head = self.get
                return self.dispatch(request, *args, **kwargs)
            # take name and docstring from class
            update_wrapper(view, cls, updated=())
            # and possible attributes set by decorators
            # like csrf_exempt from dispatch
            update_wrapper(view, cls.dispatch, assigned=())
            return view
        # _allowed_methods only present from 1.5 onwards
        def _allowed_methods(self):
            return [m.upper() for m in self.http_method_names if hasattr(self, m)]
@ -153,316 +116,16 @@ if 'patch' not in View.http_method_names:
    View.http_method_names = View.http_method_names + ['patch']
-# PUT, DELETE do not require CSRF until 1.4.  They should.  Make it better.
+# RequestFactory only provides `generic` from 1.5 onwards
 if django.VERSION >= (1, 4):
    from django.middleware.csrf import CsrfViewMiddleware
 else:
    import hashlib
    import re
    import random
    import logging
    from django.conf import settings
    from django.core.urlresolvers import get_callable
    try:
        from logging import NullHandler
    except ImportError:
        class NullHandler(logging.Handler):
            def emit(self, record):
                pass
    logger = logging.getLogger('django.request')
    if not logger.handlers:
        logger.addHandler(NullHandler())
    def same_origin(url1, url2):
        """
        Checks if two URLs are 'same-origin'
        """
        p1, p2 = urlparse.urlparse(url1), urlparse.urlparse(url2)
        return p1[0:2] == p2[0:2]
    def constant_time_compare(val1, val2):
        """
        Returns True if the two strings are equal, False otherwise.
        The time taken is independent of the number of characters that match.
        """
        if len(val1) != len(val2):
            return False
        result = 0
        for x, y in zip(val1, val2):
            result |= ord(x) ^ ord(y)
        return result == 0
    # Use the system (hardware-based) random number generator if it exists.
    if hasattr(random, 'SystemRandom'):
        randrange = random.SystemRandom().randrange
    else:
        randrange = random.randrange
    _MAX_CSRF_KEY = 18446744073709551616      # 2 << 63
    REASON_NO_REFERER = "Referer checking failed - no Referer."
    REASON_BAD_REFERER = "Referer checking failed - %s does not match %s."
    REASON_NO_CSRF_COOKIE = "CSRF cookie not set."
    REASON_BAD_TOKEN = "CSRF token missing or incorrect."
    def _get_failure_view():
        """
        Returns the view to be used for CSRF rejections
        """
        return get_callable(settings.CSRF_FAILURE_VIEW)
    def _get_new_csrf_key():
        return hashlib.md5("%s%s" % (randrange(0, _MAX_CSRF_KEY), settings.SECRET_KEY)).hexdigest()
    def get_token(request):
        """
        Returns the the CSRF token required for a POST form. The token is an
        alphanumeric value.
        A side effect of calling this function is to make the the csrf_protect
        decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie'
        header to the outgoing response.  For this reason, you may need to use this
        function lazily, as is done by the csrf context processor.
        """
        request.META["CSRF_COOKIE_USED"] = True
        return request.META.get("CSRF_COOKIE", None)
    def _sanitize_token(token):
        # Allow only alphanum, and ensure we return a 'str' for the sake of the post
        # processing middleware.
        token = re.sub('[^a-zA-Z0-9]', '', str(token.decode('ascii', 'ignore')))
        if token == "":
            # In case the cookie has been truncated to nothing at some point.
            return _get_new_csrf_key()
        else:
            return token
    class CsrfViewMiddleware(object):
        """
        Middleware that requires a present and correct csrfmiddlewaretoken
        for POST requests that have a CSRF cookie, and sets an outgoing
        CSRF cookie.
        This middleware should be used in conjunction with the csrf_token template
        tag.
        """
        # The _accept and _reject methods currently only exist for the sake of the
        # requires_csrf_token decorator.
        def _accept(self, request):
            # Avoid checking the request twice by adding a custom attribute to
            # request.  This will be relevant when both decorator and middleware
            # are used.
            request.csrf_processing_done = True
            return None
        def _reject(self, request, reason):
            return _get_failure_view()(request, reason=reason)
        def process_view(self, request, callback, callback_args, callback_kwargs):
            if getattr(request, 'csrf_processing_done', False):
                return None
            try:
                csrf_token = _sanitize_token(request.COOKIES[settings.CSRF_COOKIE_NAME])
                # Use same token next time
                request.META['CSRF_COOKIE'] = csrf_token
            except KeyError:
                csrf_token = None
                # Generate token and store it in the request, so it's available to the view.
                request.META["CSRF_COOKIE"] = _get_new_csrf_key()
            # Wait until request.META["CSRF_COOKIE"] has been manipulated before
            # bailing out, so that get_token still works
            if getattr(callback, 'csrf_exempt', False):
                return None
            # Assume that anything not defined as 'safe' by RC2616 needs protection.
            if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
                if getattr(request, '_dont_enforce_csrf_checks', False):
                    # Mechanism to turn off CSRF checks for test suite.  It comes after
                    # the creation of CSRF cookies, so that everything else continues to
                    # work exactly the same (e.g. cookies are sent etc), but before the
                    # any branches that call reject()
                    return self._accept(request)
                if request.is_secure():
                    # Suppose user visits http://example.com/
                    # An active network attacker,(man-in-the-middle, MITM) sends a
                    # POST form which targets https://example.com/detonate-bomb/ and
                    # submits it via javascript.
                    #
                    # The attacker will need to provide a CSRF cookie and token, but
                    # that is no problem for a MITM and the session independent
                    # nonce we are using. So the MITM can circumvent the CSRF
                    # protection. This is true for any HTTP connection, but anyone
                    # using HTTPS expects better!  For this reason, for
                    # https://example.com/ we need additional protection that treats
                    # http://example.com/ as completely untrusted.  Under HTTPS,
                    # Barth et al. found that the Referer header is missing for
                    # same-domain requests in only about 0.2% of cases or less, so
                    # we can use strict Referer checking.
                    referer = request.META.get('HTTP_REFERER')
                    if referer is None:
                        logger.warning('Forbidden (%s): %s' % (REASON_NO_REFERER, request.path),
                            extra={
                                'status_code': 403,
                                'request': request,
                            }
                        )
                        return self._reject(request, REASON_NO_REFERER)
                    # Note that request.get_host() includes the port
                    good_referer = 'https://%s/' % request.get_host()
                    if not same_origin(referer, good_referer):
                        reason = REASON_BAD_REFERER % (referer, good_referer)
                        logger.warning('Forbidden (%s): %s' % (reason, request.path),
                            extra={
                                'status_code': 403,
                                'request': request,
                            }
                        )
                        return self._reject(request, reason)
                if csrf_token is None:
                    # No CSRF cookie. For POST requests, we insist on a CSRF cookie,
                    # and in this way we can avoid all CSRF attacks, including login
                    # CSRF.
                    logger.warning('Forbidden (%s): %s' % (REASON_NO_CSRF_COOKIE, request.path),
                        extra={
                            'status_code': 403,
                            'request': request,
                        }
                    )
                    return self._reject(request, REASON_NO_CSRF_COOKIE)
                # check non-cookie token for match
                request_csrf_token = ""
                if request.method == "POST":
                    request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
                if request_csrf_token == "":
                    # Fall back to X-CSRFToken, to make things easier for AJAX,
                    # and possible for PUT/DELETE
                    request_csrf_token = request.META.get('HTTP_X_CSRFTOKEN', '')
                if not constant_time_compare(request_csrf_token, csrf_token):
                    logger.warning('Forbidden (%s): %s' % (REASON_BAD_TOKEN, request.path),
                        extra={
                            'status_code': 403,
                            'request': request,
                        }
                    )
                    return self._reject(request, REASON_BAD_TOKEN)
            return self._accept(request)
 # timezone support is new in Django 1.4
 try:
    from django.utils import timezone
 except ImportError:
    timezone = None
 # dateparse is ALSO new in Django 1.4
 try:
    from django.utils.dateparse import parse_date, parse_datetime, parse_time
 except ImportError:
    import datetime
    import re
    date_re = re.compile(
        r'(?P<year>\d{4})-(?P<month>\d{1,2})-(?P<day>\d{1,2})$'
    )
    datetime_re = re.compile(
        r'(?P<year>\d{4})-(?P<month>\d{1,2})-(?P<day>\d{1,2})'
        r'[T ](?P<hour>\d{1,2}):(?P<minute>\d{1,2})'
        r'(?::(?P<second>\d{1,2})(?:\.(?P<microsecond>\d{1,6})\d{0,6})?)?'
        r'(?P<tzinfo>Z|[+-]\d{1,2}:\d{1,2})?$'
    )
    time_re = re.compile(
        r'(?P<hour>\d{1,2}):(?P<minute>\d{1,2})'
        r'(?::(?P<second>\d{1,2})(?:\.(?P<microsecond>\d{1,6})\d{0,6})?)?'
    )
    def parse_date(value):
        match = date_re.match(value)
        if match:
            kw = dict((k, int(v)) for k, v in match.groupdict().iteritems())
            return datetime.date(**kw)
    def parse_time(value):
        match = time_re.match(value)
        if match:
            kw = match.groupdict()
            if kw['microsecond']:
                kw['microsecond'] = kw['microsecond'].ljust(6, '0')
            kw = dict((k, int(v)) for k, v in kw.iteritems() if v is not None)
            return datetime.time(**kw)
    def parse_datetime(value):
        """Parse datetime, but w/o the timezone awareness in 1.4"""
        match = datetime_re.match(value)
        if match:
            kw = match.groupdict()
            if kw['microsecond']:
                kw['microsecond'] = kw['microsecond'].ljust(6, '0')
            kw = dict((k, int(v)) for k, v in kw.iteritems() if v is not None)
            return datetime.datetime(**kw)
 # smart_urlquote is new on Django 1.4
 try:
    from django.utils.html import smart_urlquote
 except ImportError:
    import re
    from django.utils.encoding import smart_str
    try:
        from urllib.parse import quote, urlsplit, urlunsplit
    except ImportError:     # Python 2
        from urllib import quote
        from urlparse import urlsplit, urlunsplit
    unquoted_percents_re = re.compile(r'%(?![0-9A-Fa-f]{2})')
    def smart_urlquote(url):
        "Quotes a URL if it isn't already quoted."
        # Handle IDN before quoting.
        scheme, netloc, path, query, fragment = urlsplit(url)
        try:
            netloc = netloc.encode('idna').decode('ascii')  # IDN -> ACE
        except UnicodeError:  # invalid domain part
            pass
        else:
            url = urlunsplit((scheme, netloc, path, query, fragment))
        # An URL is considered unquoted if it contains no % characters or
        # contains a % not followed by two hexadecimal digits. See #9655.
        if '%' not in url or unquoted_percents_re.search(url):
            # See http://bugs.python.org/issue2637
            url = quote(smart_str(url), safe=b'!*\'();:@&=+$,/?#[]~')
        return force_text(url)
 # RequestFactory only provide `generic` from 1.5 onwards
 from django.test.client import RequestFactory as DjangoRequestFactory
 from django.test.client import FakePayload
 try:
    # In 1.5 the test client uses force_bytes
    from django.utils.encoding import force_bytes as force_bytes_or_smart_bytes
 except ImportError:
-    # In 1.3 and 1.4 the test client just uses smart_str
+    # In 1.4 the test client just uses smart_str
    from django.utils.encoding import smart_str as force_bytes_or_smart_bytes
 class RequestFactory(DjangoRequestFactory):
    def generic(self, method, path,
            data='', content_type='application/octet-stream', **extra):
@ -487,6 +150,7 @@ class RequestFactory(DjangoRequestFactory):
        r.update(extra)
        return self.request(**r)
 # Markdown is optional
 try:
    import markdown
@ -501,7 +165,6 @@ try:
        safe_mode = False
        md = markdown.Markdown(extensions=extensions, safe_mode=safe_mode)
        return md.convert(text)
 except ImportError:
    apply_markdown = None
@ -519,14 +182,16 @@ try:
 except ImportError:
    etree = None
-# OAuth is optional
+
 # OAuth2 is optional
 try:
    # Note: The `oauth2` package actually provides oauth1.0a support.  Urg.
    import oauth2 as oauth
 except ImportError:
    oauth = None
-# OAuth is optional
+
 # OAuthProvider is optional
 try:
    import oauth_provider
    from oauth_provider.store import store as oauth_provider_store
@ -548,6 +213,7 @@ except (ImportError, ImproperlyConfigured):
    oauth_provider_store = None
    check_nonce = None
 # OAuth 2 support is optional
 try:
    import provider as oauth2_provider
@ -567,7 +233,8 @@ except ImportError:
    oauth2_constants = None
    provider_now = None
-# Handle lazy strings
+
 # Handle lazy strings across Py2/Py3
 from django.utils.functional import Promise
 if six.PY3:
--- a/rest_framework/decorators.py
+++ b/rest_framework/decorators.py
@ -3,13 +3,14 @@ The most important decorator in this module is `@api_view`, which is used
 for writing function-based views with REST framework.
 There are also various decorators for setting the API policies on function
-based views, as well as the `@action` and `@link` decorators, which are
+based views, as well as the `@detail_route` and `@list_route` decorators, which are
 used to annotate methods on viewsets that should be included by routers.
 """
 from __future__ import unicode_literals
 from rest_framework.compat import six
 from rest_framework.views import APIView
 import types
 import warnings
 def api_view(http_method_names):
@ -107,12 +108,40 @@ def permission_classes(permission_classes):
    return decorator
-def link(**kwargs):
+def detail_route(methods=['get'], **kwargs):
    """
-    Used to mark a method on a ViewSet that should be routed for GET requests.
+    Used to mark a method on a ViewSet that should be routed for detail requests.
    """
    def decorator(func):
        func.bind_to_methods = methods
        func.detail = True
        func.kwargs = kwargs
        return func
    return decorator
 def list_route(methods=['get'], **kwargs):
    """
    Used to mark a method on a ViewSet that should be routed for list requests.
    """
    def decorator(func):
        func.bind_to_methods = methods
        func.detail = False
        func.kwargs = kwargs
        return func
    return decorator
 # These are now pending deprecation, in favor of `detail_route` and `list_route`.
 def link(**kwargs):
    """
    Used to mark a method on a ViewSet that should be routed for detail GET requests.
    """
    msg = 'link is pending deprecation. Use detail_route instead.'
    warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
    def decorator(func):
        func.bind_to_methods = ['get']
        func.detail = True
        func.kwargs = kwargs
        return func
    return decorator
@ -120,10 +149,13 @@ def link(**kwargs):
 def action(methods=['post'], **kwargs):
    """
-    Used to mark a method on a ViewSet that should be routed for POST requests.
+    Used to mark a method on a ViewSet that should be routed for detail POST requests.
    """
    msg = 'action is pending deprecation. Use detail_route instead.'
    warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
    def decorator(func):
        func.bind_to_methods = methods
        func.detail = True
        func.kwargs = kwargs
        return func
-    return decorator
+    return decorator
--- a/rest_framework/fields.py
+++ b/rest_framework/fields.py
@ -18,12 +18,14 @@ from django.conf import settings
 from django.db.models.fields import BLANK_CHOICE_DASH
 from django.http import QueryDict
 from django.forms import widgets
 from django.utils import timezone
 from django.utils.encoding import is_protected_type
 from django.utils.translation import ugettext_lazy as _
 from django.utils.datastructures import SortedDict
 from django.utils.dateparse import parse_date, parse_datetime, parse_time
 from rest_framework import ISO_8601
 from rest_framework.compat import (
-    timezone, parse_date, parse_datetime, parse_time, BytesIO, six, smart_text,
+    BytesIO, six, smart_text,
    force_text, is_non_str_iterable
 )
 from rest_framework.settings import api_settings
@ -260,13 +262,6 @@ class WritableField(Field):
                 validators=[], error_messages=None, widget=None,
                 default=None, blank=None):
        # 'blank' is to be deprecated in favor of 'required'
        if blank is not None:
            warnings.warn('The `blank` keyword argument is deprecated. '
                          'Use the `required` keyword argument instead.',
                          DeprecationWarning, stacklevel=2)
            required = not(blank)
        super(WritableField, self).__init__(source=source, label=label, help_text=help_text)
        self.read_only = read_only
@ -460,8 +455,9 @@ class CharField(WritableField):
    type_label = 'string'
    form_field_class = forms.CharField
-    def __init__(self, max_length=None, min_length=None, *args, **kwargs):
+    def __init__(self, max_length=None, min_length=None, allow_none=False, *args, **kwargs):
        self.max_length, self.min_length = max_length, min_length
        self.allow_none = allow_none
        super(CharField, self).__init__(*args, **kwargs)
        if min_length is not None:
            self.validators.append(validators.MinLengthValidator(min_length))
@ -469,7 +465,9 @@ class CharField(WritableField):
            self.validators.append(validators.MaxLengthValidator(max_length))
    def from_native(self, value):
-        if isinstance(value, six.string_types) or value is None:
+        if value is None and not self.allow_none:
            return ''
        if isinstance(value, six.string_types):
            return value
        return smart_text(value)
--- a/rest_framework/generics.py
+++ b/rest_framework/generics.py
@ -121,11 +121,11 @@ class GenericAPIView(views.APIView):
        deprecated_style = False
        if page_size is not None:
            warnings.warn('The `page_size` parameter to `paginate_queryset()` '
-                          'is due to be deprecated. '
+                          'is deprecated. '
                          'Note that the return style of this method is also '
                          'changed, and will simply return a page object '
                          'when called without a `page_size` argument.',
-                          PendingDeprecationWarning, stacklevel=2)
+                          DeprecationWarning, stacklevel=2)
            deprecated_style = True
        else:
            # Determine the required page size.
@ -136,10 +136,10 @@ class GenericAPIView(views.APIView):
        if not self.allow_empty:
            warnings.warn(
-                'The `allow_empty` parameter is due to be deprecated. '
+                'The `allow_empty` parameter is deprecated. '
                'To use `allow_empty=False` style behavior, You should override '
                '`get_queryset()` and explicitly raise a 404 on empty querysets.',
-                PendingDeprecationWarning, stacklevel=2
+                DeprecationWarning, stacklevel=2
            )
        paginator = self.paginator_class(queryset, page_size,
@ -187,10 +187,10 @@ class GenericAPIView(views.APIView):
        if not filter_backends and self.filter_backend:
            warnings.warn(
                'The `filter_backend` attribute and `FILTER_BACKEND` setting '
-                'are due to be deprecated in favor of a `filter_backends` '
+                'are deprecated in favor of a `filter_backends` '
                'attribute and `DEFAULT_FILTER_BACKENDS` setting, that take '
                'a *list* of filter backend classes.',
-                PendingDeprecationWarning, stacklevel=2
+                DeprecationWarning, stacklevel=2
            )
            filter_backends = [self.filter_backend]
        return filter_backends
@ -211,8 +211,8 @@ class GenericAPIView(views.APIView):
        """
        if queryset is not None:
            warnings.warn('The `queryset` parameter to `get_paginate_by()` '
-                          'is due to be deprecated.',
+                          'is deprecated.',
-                          PendingDeprecationWarning, stacklevel=2)
+                          DeprecationWarning, stacklevel=2)
        if self.paginate_by_param:
            try:
@ -295,16 +295,16 @@ class GenericAPIView(views.APIView):
            filter_kwargs = {self.lookup_field: lookup}
        elif pk is not None and self.lookup_field == 'pk':
            warnings.warn(
-                'The `pk_url_kwarg` attribute is due to be deprecated. '
+                'The `pk_url_kwarg` attribute is deprecated. '
                'Use the `lookup_field` attribute instead',
-                PendingDeprecationWarning
+                DeprecationWarning
            )
            filter_kwargs = {'pk': pk}
        elif slug is not None and self.lookup_field == 'pk':
            warnings.warn(
-                'The `slug_url_kwarg` attribute is due to be deprecated. '
+                'The `slug_url_kwarg` attribute is deprecated. '
                'Use the `lookup_field` attribute instead',
-                PendingDeprecationWarning
+                DeprecationWarning
            )
            filter_kwargs = {self.slug_field: slug}
        else:
@ -524,9 +524,9 @@ class RetrieveUpdateDestroyAPIView(mixins.RetrieveModelMixin,
 class MultipleObjectAPIView(GenericAPIView):
    def __init__(self, *args, **kwargs):
        warnings.warn(
-            'Subclassing `MultipleObjectAPIView` is due to be deprecated. '
+            'Subclassing `MultipleObjectAPIView` is deprecated. '
            'You should simply subclass `GenericAPIView` instead.',
-            PendingDeprecationWarning, stacklevel=2
+            DeprecationWarning, stacklevel=2
        )
        super(MultipleObjectAPIView, self).__init__(*args, **kwargs)
@ -534,8 +534,8 @@ class MultipleObjectAPIView(GenericAPIView):
 class SingleObjectAPIView(GenericAPIView):
    def __init__(self, *args, **kwargs):
        warnings.warn(
-            'Subclassing `SingleObjectAPIView` is due to be deprecated. '
+            'Subclassing `SingleObjectAPIView` is deprecated. '
            'You should simply subclass `GenericAPIView` instead.',
-            PendingDeprecationWarning, stacklevel=2
+            DeprecationWarning, stacklevel=2
        )
        super(SingleObjectAPIView, self).__init__(*args, **kwargs)
--- a/rest_framework/mixins.py
+++ b/rest_framework/mixins.py
@ -26,14 +26,14 @@ def _get_validation_exclusions(obj, pk=None, slug_field=None, lookup_field=None)
    include = []
    if pk:
-        # Pending deprecation
+        # Deprecated
        pk_field = obj._meta.pk
        while pk_field.rel:
            pk_field = pk_field.rel.to._meta.pk
        include.append(pk_field.name)
    if slug_field:
-        # Pending deprecation
+        # Deprecated
        include.append(slug_field)
    if lookup_field and lookup_field != 'pk':
@ -79,10 +79,10 @@ class ListModelMixin(object):
        # `.allow_empty = False`, to raise 404 errors on empty querysets.
        if not self.allow_empty and not self.object_list:
            warnings.warn(
-                'The `allow_empty` parameter is due to be deprecated. '
+                'The `allow_empty` parameter is deprecated. '
                'To use `allow_empty=False` style behavior, You should override '
                '`get_queryset()` and explicitly raise a 404 on empty querysets.',
-                PendingDeprecationWarning
+                DeprecationWarning
            )
            class_name = self.__class__.__name__
            error_msg = self.empty_error % {'class_name': class_name}
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@ -2,15 +2,12 @@
 Provides a set of pluggable permission policies.
 """
 from __future__ import unicode_literals
 import inspect
 import warnings
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
 from django.http import Http404
 from rest_framework.compat import (get_model_name, oauth2_provider_scope,
                                   oauth2_constants)
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
 class BasePermission(object):
    """
@ -27,13 +24,6 @@ class BasePermission(object):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        if len(inspect.getargspec(self.has_permission).args) == 4:
            warnings.warn(
                'The `obj` argument in `has_permission` is deprecated. '
                'Use `has_object_permission()` instead for object permissions.',
                DeprecationWarning, stacklevel=2
            )
            return self.has_permission(request, view, obj)
        return True
--- a/rest_framework/relations.py
+++ b/rest_framework/relations.py
@ -41,14 +41,6 @@ class RelatedField(WritableField):
    many = False
    def __init__(self, *args, **kwargs):
        # 'null' is to be deprecated in favor of 'required'
        if 'null' in kwargs:
            warnings.warn('The `null` keyword argument is deprecated. '
                          'Use the `required` keyword argument instead.',
                          DeprecationWarning, stacklevel=2)
            kwargs['required'] = not kwargs.pop('null')
        queryset = kwargs.pop('queryset', None)
        self.many = kwargs.pop('many', self.many)
        if self.many:
@ -330,7 +322,7 @@ class HyperlinkedRelatedField(RelatedField):
        'incorrect_type': _('Incorrect type.  Expected url string, received %s.'),
    }
-    # These are all pending deprecation
+    # These are all deprecated
    pk_url_kwarg = 'pk'
    slug_field = 'slug'
    slug_url_kwarg = None  # Defaults to same as `slug_field` unless overridden
@ -344,16 +336,16 @@ class HyperlinkedRelatedField(RelatedField):
        self.lookup_field = kwargs.pop('lookup_field', self.lookup_field)
        self.format = kwargs.pop('format', None)
-        # These are pending deprecation
+        # These are deprecated
        if 'pk_url_kwarg' in kwargs:
-            msg = 'pk_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'pk_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_url_kwarg' in kwargs:
-            msg = 'slug_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_field' in kwargs:
-            msg = 'slug_field is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_field is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        self.pk_url_kwarg = kwargs.pop('pk_url_kwarg', self.pk_url_kwarg)
        self.slug_field = kwargs.pop('slug_field', self.slug_field)
@ -396,9 +388,9 @@ class HyperlinkedRelatedField(RelatedField):
                    # If the lookup succeeds using the default slug params,
                    # then `slug_field` is being used implicitly, and we
                    # we need to warn about the pending deprecation.
-                    msg = 'Implicit slug field hyperlinked fields are pending deprecation.' \
+                    msg = 'Implicit slug field hyperlinked fields are deprecated.' \
                          'You should set `lookup_field=slug` on the HyperlinkedRelatedField.'
-                    warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+                    warnings.warn(msg, DeprecationWarning, stacklevel=2)
                return ret
            except NoReverseMatch:
                pass
@ -432,14 +424,11 @@ class HyperlinkedRelatedField(RelatedField):
        request = self.context.get('request', None)
        format = self.format or self.context.get('format', None)
-        if request is None:
+        assert request is not None, (
-            msg = (
+            "`HyperlinkedRelatedField` requires the request in the serializer "
-                "Using `HyperlinkedRelatedField` without including the request "
+            "context. Add `context={'request': request}` when instantiating "
-                "in the serializer context is deprecated. "
+            "the serializer."
-                "Add `context={'request': request}` when instantiating "
+        )
                "the serializer."
            )
            warnings.warn(msg, DeprecationWarning, stacklevel=4)
        # If the object has not yet been saved then we cannot hyperlink to it.
        if getattr(obj, 'pk', None) is None:
@ -499,7 +488,7 @@ class HyperlinkedIdentityField(Field):
    lookup_field = 'pk'
    read_only = True
-    # These are all pending deprecation
+    # These are all deprecated
    pk_url_kwarg = 'pk'
    slug_field = 'slug'
    slug_url_kwarg = None  # Defaults to same as `slug_field` unless overridden
@ -515,16 +504,16 @@ class HyperlinkedIdentityField(Field):
        lookup_field = kwargs.pop('lookup_field', None)
        self.lookup_field = lookup_field or self.lookup_field
-        # These are pending deprecation
+        # These are deprecated
        if 'pk_url_kwarg' in kwargs:
-            msg = 'pk_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'pk_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_url_kwarg' in kwargs:
-            msg = 'slug_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_field' in kwargs:
-            msg = 'slug_field is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_field is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        self.slug_field = kwargs.pop('slug_field', self.slug_field)
        default_slug_kwarg = self.slug_url_kwarg or self.slug_field
@ -538,11 +527,11 @@ class HyperlinkedIdentityField(Field):
        format = self.context.get('format', None)
        view_name = self.view_name
-        if request is None:
+        assert request is not None, (
-            warnings.warn("Using `HyperlinkedIdentityField` without including the "
+            "`HyperlinkedIdentityField` requires the request in the serializer"
-                          "request in the serializer context is deprecated. "
+            " context. Add `context={'request': request}` when instantiating "
-                          "Add `context={'request': request}` when instantiating the serializer.",
+            "the serializer."
-                          DeprecationWarning, stacklevel=4)
+        )
        # By default use whatever format is given for the current context
        # unless the target is a different type to the source.
@ -606,41 +595,3 @@ class HyperlinkedIdentityField(Field):
                pass
        raise NoReverseMatch()
 ### Old-style many classes for backwards compat
 class ManyRelatedField(RelatedField):
    def __init__(self, *args, **kwargs):
        warnings.warn('`ManyRelatedField()` is deprecated. '
                      'Use `RelatedField(many=True)` instead.',
                       DeprecationWarning, stacklevel=2)
        kwargs['many'] = True
        super(ManyRelatedField, self).__init__(*args, **kwargs)
 class ManyPrimaryKeyRelatedField(PrimaryKeyRelatedField):
    def __init__(self, *args, **kwargs):
        warnings.warn('`ManyPrimaryKeyRelatedField()` is deprecated. '
                      'Use `PrimaryKeyRelatedField(many=True)` instead.',
                       DeprecationWarning, stacklevel=2)
        kwargs['many'] = True
        super(ManyPrimaryKeyRelatedField, self).__init__(*args, **kwargs)
 class ManySlugRelatedField(SlugRelatedField):
    def __init__(self, *args, **kwargs):
        warnings.warn('`ManySlugRelatedField()` is deprecated. '
                      'Use `SlugRelatedField(many=True)` instead.',
                       DeprecationWarning, stacklevel=2)
        kwargs['many'] = True
        super(ManySlugRelatedField, self).__init__(*args, **kwargs)
 class ManyHyperlinkedRelatedField(HyperlinkedRelatedField):
    def __init__(self, *args, **kwargs):
        warnings.warn('`ManyHyperlinkedRelatedField()` is deprecated. '
                      'Use `HyperlinkedRelatedField(many=True)` instead.',
                       DeprecationWarning, stacklevel=2)
        kwargs['many'] = True
        super(ManyHyperlinkedRelatedField, self).__init__(*args, **kwargs)
--- a/rest_framework/routers.py
+++ b/rest_framework/routers.py
@ -17,15 +17,17 @@ from __future__ import unicode_literals
 import itertools
 from collections import namedtuple
 from django.conf.urls import patterns, url
 from django.core.exceptions import ImproperlyConfigured
 from rest_framework import views
 from rest_framework.compat import patterns, url
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
 from rest_framework.urlpatterns import format_suffix_patterns
 Route = namedtuple('Route', ['url', 'mapping', 'name', 'initkwargs'])
 DynamicDetailRoute = namedtuple('DynamicDetailRoute', ['url', 'name', 'initkwargs'])
 DynamicListRoute = namedtuple('DynamicListRoute', ['url', 'name', 'initkwargs'])
 def replace_methodname(format_string, methodname):
@ -88,6 +90,14 @@ class SimpleRouter(BaseRouter):
            name='{basename}-list',
            initkwargs={'suffix': 'List'}
        ),
        # Dynamically generated list routes.
        # Generated using @list_route decorator
        # on methods of the viewset.
        DynamicListRoute(
            url=r'^{prefix}/{methodname}{trailing_slash}$',
            name='{basename}-{methodnamehyphen}',
            initkwargs={}
        ),
        # Detail route.
        Route(
            url=r'^{prefix}/{lookup}{trailing_slash}$',
@ -100,13 +110,10 @@ class SimpleRouter(BaseRouter):
            name='{basename}-detail',
            initkwargs={'suffix': 'Instance'}
        ),
-        # Dynamically generated routes.
+        # Dynamically generated detail routes.
-        # Generated using @action or @link decorators on methods of the viewset.
+        # Generated using @detail_route decorator on methods of the viewset.
-        Route(
+        DynamicDetailRoute(
            url=r'^{prefix}/{lookup}/{methodname}{trailing_slash}$',
            mapping={
                '{httpmethod}': '{methodname}',
            },
            name='{basename}-{methodnamehyphen}',
            initkwargs={}
        ),
@ -139,25 +146,42 @@ class SimpleRouter(BaseRouter):
        Returns a list of the Route namedtuple.
        """
-        known_actions = flatten([route.mapping.values() for route in self.routes])
+        known_actions = flatten([route.mapping.values() for route in self.routes if isinstance(route, Route)])
-        # Determine any `@action` or `@link` decorated methods on the viewset
+        # Determine any `@detail_route` or `@list_route` decorated methods on the viewset
-        dynamic_routes = []
+        detail_routes = []
        list_routes = []
        for methodname in dir(viewset):
            attr = getattr(viewset, methodname)
            httpmethods = getattr(attr, 'bind_to_methods', None)
            detail = getattr(attr, 'detail', True)
            if httpmethods:
                if methodname in known_actions:
-                    raise ImproperlyConfigured('Cannot use @action or @link decorator on '
+                    raise ImproperlyConfigured('Cannot use @detail_route or @list_route '
-                                               'method "%s" as it is an existing route' % methodname)
+                                               'decorators on method "%s" '
                                               'as it is an existing route' % methodname)
                httpmethods = [method.lower() for method in httpmethods]
-                dynamic_routes.append((httpmethods, methodname))
+                if detail:
                    detail_routes.append((httpmethods, methodname))
                else:
                    list_routes.append((httpmethods, methodname))
        ret = []
        for route in self.routes:
-            if route.mapping == {'{httpmethod}': '{methodname}'}:
+            if isinstance(route, DynamicDetailRoute):
-                # Dynamic routes (@link or @action decorator)
+                # Dynamic detail routes (@detail_route decorator)
-                for httpmethods, methodname in dynamic_routes:
+                for httpmethods, methodname in detail_routes:
                    initkwargs = route.initkwargs.copy()
                    initkwargs.update(getattr(viewset, methodname).kwargs)
                    ret.append(Route(
                        url=replace_methodname(route.url, methodname),
                        mapping=dict((httpmethod, methodname) for httpmethod in httpmethods),
                        name=replace_methodname(route.name, methodname),
                        initkwargs=initkwargs,
                    ))
            elif isinstance(route, DynamicListRoute):
                # Dynamic list routes (@list_route decorator)
                for httpmethods, methodname in list_routes:
                    initkwargs = route.initkwargs.copy()
                    initkwargs.update(getattr(viewset, methodname).kwargs)
                    ret.append(Route(
@ -195,13 +219,16 @@ class SimpleRouter(BaseRouter):
        https://github.com/alanjds/drf-nested-routers
        """
-        if self.trailing_slash:
+        base_regex = '(?P<{lookup_prefix}{lookup_field}>{lookup_value})'
-            base_regex = '(?P<{lookup_prefix}{lookup_field}>[^/]+)'
+        # Use `pk` as default field, unset set.  Default regex should not
-        else:
+        # consume `.json` style suffixes and should break at '/' boundaries.
            # Don't consume `.json` style suffixes
            base_regex = '(?P<{lookup_prefix}{lookup_field}>[^/.]+)'
        lookup_field = getattr(viewset, 'lookup_field', 'pk')
-        return base_regex.format(lookup_field=lookup_field, lookup_prefix=lookup_prefix)
+        lookup_value = getattr(viewset, 'lookup_value_regex', '[^/.]+')
        return base_regex.format(
            lookup_prefix=lookup_prefix,
            lookup_field=lookup_field,
            lookup_value=lookup_value
        )
    def get_urls(self):
        """
--- a/rest_framework/serializers.py
+++ b/rest_framework/serializers.py
@ -21,7 +21,7 @@ from django.core.paginator import Page
 from django.db import models
 from django.forms import widgets
 from django.utils.datastructures import SortedDict
-from rest_framework.compat import get_concrete_model, six
+from rest_framework.compat import six
 from rest_framework.settings import api_settings
@ -181,7 +181,7 @@ class BaseSerializer(WritableField):
    _dict_class = SortedDictWithMetadata
    def __init__(self, instance=None, data=None, files=None,
-                 context=None, partial=False, many=None,
+                 context=None, partial=False, many=False,
                 allow_add_remove=False, **kwargs):
        super(BaseSerializer, self).__init__(**kwargs)
        self.opts = self._options_class(self.Meta)
@ -411,12 +411,7 @@ class BaseSerializer(WritableField):
        if value is None:
            return None
-        if self.many is not None:
+        if self.many:
            many = self.many
        else:
            many = hasattr(value, '__iter__') and not isinstance(value, (Page, dict, six.text_type))
        if many:
            return [self.to_native(item) for item in value]
        return self.to_native(value)
@ -662,7 +657,7 @@ class ModelSerializer(Serializer):
        cls = self.opts.model
        assert cls is not None, \
                "Serializer class '%s' is missing 'model' Meta option" % self.__class__.__name__
-        opts = get_concrete_model(cls)._meta
+        opts = cls._meta.concrete_model._meta
        ret = SortedDict()
        nested = bool(self.opts.depth)
@ -695,10 +690,10 @@ class ModelSerializer(Serializer):
                if len(inspect.getargspec(self.get_nested_field).args) == 2:
                    warnings.warn(
                        'The `get_nested_field(model_field)` call signature '
-                        'is due to be deprecated. '
+                        'is deprecated. '
                        'Use `get_nested_field(model_field, related_model, '
                        'to_many) instead',
-                        PendingDeprecationWarning
+                        DeprecationWarning
                    )
                    field = self.get_nested_field(model_field)
                else:
@ -707,10 +702,10 @@ class ModelSerializer(Serializer):
                if len(inspect.getargspec(self.get_nested_field).args) == 3:
                    warnings.warn(
                        'The `get_related_field(model_field, to_many)` call '
-                        'signature is due to be deprecated. '
+                        'signature is deprecated. '
                        'Use `get_related_field(model_field, related_model, '
                        'to_many) instead',
-                        PendingDeprecationWarning
+                        DeprecationWarning
                    )
                    field = self.get_related_field(model_field, to_many=to_many)
                else:
@ -871,6 +866,10 @@ class ModelSerializer(Serializer):
                issubclass(model_field.__class__, models.PositiveSmallIntegerField):
            kwargs['min_value'] = 0
        if model_field.null and \
                issubclass(model_field.__class__, (models.CharField, models.TextField)):
            kwargs['allow_none'] = True
        attribute_dict = {
            models.CharField: ['max_length'],
            models.CommaSeparatedIntegerField: ['max_length'],
@ -897,7 +896,7 @@ class ModelSerializer(Serializer):
        Return a list of field names to exclude from model validation.
        """
        cls = self.opts.model
-        opts = get_concrete_model(cls)._meta
+        opts = cls._meta.concrete_model._meta
        exclusions = [field.name for field in opts.fields + opts.many_to_many]
        for field_name, field in self.fields.items():
--- a/rest_framework/settings.py
+++ b/rest_framework/settings.py
@ -63,6 +63,7 @@ DEFAULTS = {
        'user': None,
        'anon': None,
    },
    'NUM_PROXIES': None,
    # Pagination
    'PAGINATE_BY': None,
--- a/rest_framework/six.py
+++ b/rest_framework/six.py
@ -1,389 +0,0 @@
 """Utilities for writing code that runs on Python 2 and 3"""
 import operator
 import sys
 import types
 __author__ = "Benjamin Peterson <benjamin@python.org>"
 __version__ = "1.2.0"
 # True if we are running on Python 3.
 PY3 = sys.version_info[0] == 3
 if PY3:
    string_types = str,
    integer_types = int,
    class_types = type,
    text_type = str
    binary_type = bytes
    MAXSIZE = sys.maxsize
 else:
    string_types = basestring,
    integer_types = (int, long)
    class_types = (type, types.ClassType)
    text_type = unicode
    binary_type = str
    if sys.platform == "java":
        # Jython always uses 32 bits.
        MAXSIZE = int((1 << 31) - 1)
    else:
        # It's possible to have sizeof(long) != sizeof(Py_ssize_t).
        class X(object):
            def __len__(self):
                return 1 << 31
        try:
            len(X())
        except OverflowError:
            # 32-bit
            MAXSIZE = int((1 << 31) - 1)
        else:
            # 64-bit
            MAXSIZE = int((1 << 63) - 1)
            del X
 def _add_doc(func, doc):
    """Add documentation to a function."""
    func.__doc__ = doc
 def _import_module(name):
    """Import module, returning the module after the last dot."""
    __import__(name)
    return sys.modules[name]
 class _LazyDescr(object):
    def __init__(self, name):
        self.name = name
    def __get__(self, obj, tp):
        result = self._resolve()
        setattr(obj, self.name, result)
        # This is a bit ugly, but it avoids running this again.
        delattr(tp, self.name)
        return result
 class MovedModule(_LazyDescr):
    def __init__(self, name, old, new=None):
        super(MovedModule, self).__init__(name)
        if PY3:
            if new is None:
                new = name
            self.mod = new
        else:
            self.mod = old
    def _resolve(self):
        return _import_module(self.mod)
 class MovedAttribute(_LazyDescr):
    def __init__(self, name, old_mod, new_mod, old_attr=None, new_attr=None):
        super(MovedAttribute, self).__init__(name)
        if PY3:
            if new_mod is None:
                new_mod = name
            self.mod = new_mod
            if new_attr is None:
                if old_attr is None:
                    new_attr = name
                else:
                    new_attr = old_attr
            self.attr = new_attr
        else:
            self.mod = old_mod
            if old_attr is None:
                old_attr = name
            self.attr = old_attr
    def _resolve(self):
        module = _import_module(self.mod)
        return getattr(module, self.attr)
 class _MovedItems(types.ModuleType):
    """Lazy loading of moved objects"""
 _moved_attributes = [
    MovedAttribute("cStringIO", "cStringIO", "io", "StringIO"),
    MovedAttribute("filter", "itertools", "builtins", "ifilter", "filter"),
    MovedAttribute("input", "__builtin__", "builtins", "raw_input", "input"),
    MovedAttribute("map", "itertools", "builtins", "imap", "map"),
    MovedAttribute("reload_module", "__builtin__", "imp", "reload"),
    MovedAttribute("reduce", "__builtin__", "functools"),
    MovedAttribute("StringIO", "StringIO", "io"),
    MovedAttribute("xrange", "__builtin__", "builtins", "xrange", "range"),
    MovedAttribute("zip", "itertools", "builtins", "izip", "zip"),
    MovedModule("builtins", "__builtin__"),
    MovedModule("configparser", "ConfigParser"),
    MovedModule("copyreg", "copy_reg"),
    MovedModule("http_cookiejar", "cookielib", "http.cookiejar"),
    MovedModule("http_cookies", "Cookie", "http.cookies"),
    MovedModule("html_entities", "htmlentitydefs", "html.entities"),
    MovedModule("html_parser", "HTMLParser", "html.parser"),
    MovedModule("http_client", "httplib", "http.client"),
    MovedModule("BaseHTTPServer", "BaseHTTPServer", "http.server"),
    MovedModule("CGIHTTPServer", "CGIHTTPServer", "http.server"),
    MovedModule("SimpleHTTPServer", "SimpleHTTPServer", "http.server"),
    MovedModule("cPickle", "cPickle", "pickle"),
    MovedModule("queue", "Queue"),
    MovedModule("reprlib", "repr"),
    MovedModule("socketserver", "SocketServer"),
    MovedModule("tkinter", "Tkinter"),
    MovedModule("tkinter_dialog", "Dialog", "tkinter.dialog"),
    MovedModule("tkinter_filedialog", "FileDialog", "tkinter.filedialog"),
    MovedModule("tkinter_scrolledtext", "ScrolledText", "tkinter.scrolledtext"),
    MovedModule("tkinter_simpledialog", "SimpleDialog", "tkinter.simpledialog"),
    MovedModule("tkinter_tix", "Tix", "tkinter.tix"),
    MovedModule("tkinter_constants", "Tkconstants", "tkinter.constants"),
    MovedModule("tkinter_dnd", "Tkdnd", "tkinter.dnd"),
    MovedModule("tkinter_colorchooser", "tkColorChooser",
                "tkinter.colorchooser"),
    MovedModule("tkinter_commondialog", "tkCommonDialog",
                "tkinter.commondialog"),
    MovedModule("tkinter_tkfiledialog", "tkFileDialog", "tkinter.filedialog"),
    MovedModule("tkinter_font", "tkFont", "tkinter.font"),
    MovedModule("tkinter_messagebox", "tkMessageBox", "tkinter.messagebox"),
    MovedModule("tkinter_tksimpledialog", "tkSimpleDialog",
                "tkinter.simpledialog"),
    MovedModule("urllib_robotparser", "robotparser", "urllib.robotparser"),
    MovedModule("winreg", "_winreg"),
 ]
 for attr in _moved_attributes:
    setattr(_MovedItems, attr.name, attr)
 del attr
 moves = sys.modules["django.utils.six.moves"] = _MovedItems("moves")
 def add_move(move):
    """Add an item to six.moves."""
    setattr(_MovedItems, move.name, move)
 def remove_move(name):
    """Remove item from six.moves."""
    try:
        delattr(_MovedItems, name)
    except AttributeError:
        try:
            del moves.__dict__[name]
        except KeyError:
            raise AttributeError("no such move, %r" % (name,))
 if PY3:
    _meth_func = "__func__"
    _meth_self = "__self__"
    _func_code = "__code__"
    _func_defaults = "__defaults__"
    _iterkeys = "keys"
    _itervalues = "values"
    _iteritems = "items"
 else:
    _meth_func = "im_func"
    _meth_self = "im_self"
    _func_code = "func_code"
    _func_defaults = "func_defaults"
    _iterkeys = "iterkeys"
    _itervalues = "itervalues"
    _iteritems = "iteritems"
 try:
    advance_iterator = next
 except NameError:
    def advance_iterator(it):
        return it.next()
 next = advance_iterator
 if PY3:
    def get_unbound_function(unbound):
        return unbound
    Iterator = object
    def callable(obj):
        return any("__call__" in klass.__dict__ for klass in type(obj).__mro__)
 else:
    def get_unbound_function(unbound):
        return unbound.im_func
    class Iterator(object):
        def next(self):
            return type(self).__next__(self)
    callable = callable
 _add_doc(get_unbound_function,
         """Get the function out of a possibly unbound function""")
 get_method_function = operator.attrgetter(_meth_func)
 get_method_self = operator.attrgetter(_meth_self)
 get_function_code = operator.attrgetter(_func_code)
 get_function_defaults = operator.attrgetter(_func_defaults)
 def iterkeys(d):
    """Return an iterator over the keys of a dictionary."""
    return iter(getattr(d, _iterkeys)())
 def itervalues(d):
    """Return an iterator over the values of a dictionary."""
    return iter(getattr(d, _itervalues)())
 def iteritems(d):
    """Return an iterator over the (key, value) pairs of a dictionary."""
    return iter(getattr(d, _iteritems)())
 if PY3:
    def b(s):
        return s.encode("latin-1")
    def u(s):
        return s
    if sys.version_info[1] <= 1:
        def int2byte(i):
            return bytes((i,))
    else:
        # This is about 2x faster than the implementation above on 3.2+
        int2byte = operator.methodcaller("to_bytes", 1, "big")
    import io
    StringIO = io.StringIO
    BytesIO = io.BytesIO
 else:
    def b(s):
        return s
    def u(s):
        return unicode(s, "unicode_escape")
    int2byte = chr
    import StringIO
    StringIO = BytesIO = StringIO.StringIO
 _add_doc(b, """Byte literal""")
 _add_doc(u, """Text literal""")
 if PY3:
    import builtins
    exec_ = getattr(builtins, "exec")
    def reraise(tp, value, tb=None):
        if value.__traceback__ is not tb:
            raise value.with_traceback(tb)
        raise value
    print_ = getattr(builtins, "print")
    del builtins
 else:
    def exec_(code, globs=None, locs=None):
        """Execute code in a namespace."""
        if globs is None:
            frame = sys._getframe(1)
            globs = frame.f_globals
            if locs is None:
                locs = frame.f_locals
            del frame
        elif locs is None:
            locs = globs
        exec("""exec code in globs, locs""")
    exec_("""def reraise(tp, value, tb=None):
    raise tp, value, tb
 """)
    def print_(*args, **kwargs):
        """The new-style print function."""
        fp = kwargs.pop("file", sys.stdout)
        if fp is None:
            return
        def write(data):
            if not isinstance(data, basestring):
                data = str(data)
            fp.write(data)
        want_unicode = False
        sep = kwargs.pop("sep", None)
        if sep is not None:
            if isinstance(sep, unicode):
                want_unicode = True
            elif not isinstance(sep, str):
                raise TypeError("sep must be None or a string")
        end = kwargs.pop("end", None)
        if end is not None:
            if isinstance(end, unicode):
                want_unicode = True
            elif not isinstance(end, str):
                raise TypeError("end must be None or a string")
        if kwargs:
            raise TypeError("invalid keyword arguments to print()")
        if not want_unicode:
            for arg in args:
                if isinstance(arg, unicode):
                    want_unicode = True
                    break
        if want_unicode:
            newline = unicode("\n")
            space = unicode(" ")
        else:
            newline = "\n"
            space = " "
        if sep is None:
            sep = space
        if end is None:
            end = newline
        for i, arg in enumerate(args):
            if i:
                write(sep)
            write(arg)
        write(end)
 _add_doc(reraise, """Reraise an exception.""")
 def with_metaclass(meta, base=object):
    """Create a base class with a metaclass."""
    return meta("NewBase", (base,), {})
 ### Additional customizations for Django ###
 if PY3:
    _iterlists = "lists"
    _assertRaisesRegex = "assertRaisesRegex"
 else:
    _iterlists = "iterlists"
    _assertRaisesRegex = "assertRaisesRegexp"
 def iterlists(d):
    """Return an iterator over the values of a MultiValueDict."""
    return getattr(d, _iterlists)()
 def assertRaisesRegex(self, *args, **kwargs):
    return getattr(self, _assertRaisesRegex)(*args, **kwargs)
 add_move(MovedModule("_dummy_thread", "dummy_thread"))
 add_move(MovedModule("_thread", "thread"))
--- a/rest_framework/templates/rest_framework/base.html
+++ b/rest_framework/templates/rest_framework/base.html
@ -1,4 +1,5 @@
 {% load url from future %}
 {% load staticfiles %}
 {% load rest_framework %}
 <!DOCTYPE html>
 <html>
--- a/rest_framework/templates/rest_framework/login_base.html
+++ b/rest_framework/templates/rest_framework/login_base.html
@ -1,4 +1,5 @@
 {% load url from future %}
 {% load staticfiles %}
 {% load rest_framework %}
 <html>
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@ -5,95 +5,13 @@ from django.http import QueryDict
 from django.utils.encoding import iri_to_uri
 from django.utils.html import escape
 from django.utils.safestring import SafeData, mark_safe
-from rest_framework.compat import urlparse, force_text, six, smart_urlquote
+from rest_framework.compat import urlparse, force_text, six
 from django.utils.html import smart_urlquote
 import re
 register = template.Library()
 # Note we don't use 'load staticfiles', because we need a 1.3 compatible
 # version, so instead we include the `static` template tag ourselves.
 # When 1.3 becomes unsupported by REST framework, we can instead start to
 # use the {% load staticfiles %} tag, remove the following code,
 # and add a dependency that `django.contrib.staticfiles` must be installed.
 # Note: We can't put this into the `compat` module because the compat import
 # from rest_framework.compat import ...
 # conflicts with this rest_framework template tag module.
 try:  # Django 1.5+
    from django.contrib.staticfiles.templatetags.staticfiles import StaticFilesNode
    @register.tag('static')
    def do_static(parser, token):
        return StaticFilesNode.handle_token(parser, token)
 except ImportError:
    try:  # Django 1.4
        from django.contrib.staticfiles.storage import staticfiles_storage
        @register.simple_tag
        def static(path):
            """
            A template tag that returns the URL to a file
            using staticfiles' storage backend
            """
            return staticfiles_storage.url(path)
    except ImportError:  # Django 1.3
        from urlparse import urljoin
        from django import template
        from django.templatetags.static import PrefixNode
        class StaticNode(template.Node):
            def __init__(self, varname=None, path=None):
                if path is None:
                    raise template.TemplateSyntaxError(
                        "Static template nodes must be given a path to return.")
                self.path = path
                self.varname = varname
            def url(self, context):
                path = self.path.resolve(context)
                return self.handle_simple(path)
            def render(self, context):
                url = self.url(context)
                if self.varname is None:
                    return url
                context[self.varname] = url
                return ''
            @classmethod
            def handle_simple(cls, path):
                return urljoin(PrefixNode.handle_simple("STATIC_URL"), path)
            @classmethod
            def handle_token(cls, parser, token):
                """
                Class method to parse prefix node and return a Node.
                """
                bits = token.split_contents()
                if len(bits) < 2:
                    raise template.TemplateSyntaxError(
                        "'%s' takes at least one argument (path to file)" % bits[0])
                path = parser.compile_filter(bits[1])
                if len(bits) >= 2 and bits[-2] == 'as':
                    varname = bits[3]
                else:
                    varname = None
                return cls(varname, path)
        @register.tag('static')
        def do_static_13(parser, token):
            return StaticNode.handle_token(parser, token)
 def replace_query_param(url, key, val):
    """
    Given a URL and a key/val pair, set or replace an item in the query
--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@ -18,6 +18,25 @@ class BaseThrottle(object):
        """
        raise NotImplementedError('.allow_request() must be overridden')
    def get_ident(self, request):
        """
        Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR
        if present and number of proxies is > 0. If not use all of
        HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.
        """
        xff = request.META.get('HTTP_X_FORWARDED_FOR')
        remote_addr = request.META.get('REMOTE_ADDR')
        num_proxies = api_settings.NUM_PROXIES
        if num_proxies is not None:
            if num_proxies == 0 or xff is None:
                return remote_addr
            addrs = xff.split(',')
            client_addr = addrs[-min(num_proxies, len(xff))]
            return client_addr.strip()
        return xff if xff else remote_addr
    def wait(self):
        """
        Optionally, return a recommended number of seconds to wait before
@ -154,13 +173,9 @@ class AnonRateThrottle(SimpleRateThrottle):
        if request.user.is_authenticated():
            return None  # Only throttle unauthenticated requests.
        ident = request.META.get('HTTP_X_FORWARDED_FOR')
        if ident is None:
            ident = request.META.get('REMOTE_ADDR')
        return self.cache_format % {
            'scope': self.scope,
-            'ident': ident
+            'ident': self.get_ident(request)
        }
@ -178,7 +193,7 @@ class UserRateThrottle(SimpleRateThrottle):
        if request.user.is_authenticated():
            ident = request.user.id
        else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
        return self.cache_format % {
            'scope': self.scope,
@ -226,7 +241,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
        if request.user.is_authenticated():
            ident = request.user.id
        else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
        return self.cache_format % {
            'scope': self.scope,
--- a/rest_framework/urlpatterns.py
+++ b/rest_framework/urlpatterns.py
@ -1,6 +1,6 @@
 from __future__ import unicode_literals
 from django.conf.urls import url, include
 from django.core.urlresolvers import RegexURLResolver
 from rest_framework.compat import url, include
 from rest_framework.settings import api_settings
--- a/rest_framework/urls.py
+++ b/rest_framework/urls.py
@ -13,7 +13,7 @@ your authentication settings include `SessionAuthentication`.
    )
 """
 from __future__ import unicode_literals
-from rest_framework.compat import patterns, url
+from django.conf.urls import patterns, url
 template_name = {'template_name': 'rest_framework/login.html'}
--- a/rest_framework/utils/encoders.py
+++ b/rest_framework/utils/encoders.py
@ -2,10 +2,11 @@
 Helper classes for parsers.
 """
 from __future__ import unicode_literals
 from django.utils import timezone
 from django.db.models.query import QuerySet
 from django.utils.datastructures import SortedDict
 from django.utils.functional import Promise
-from rest_framework.compat import timezone, force_text
+from rest_framework.compat import force_text
 from rest_framework.serializers import DictWithMetadata, SortedDictWithMetadata
 import datetime
 import decimal
--- a/tests/settings.py
+++ b/tests/settings.py
@ -93,10 +93,7 @@ INSTALLED_APPS = (
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
-    # Uncomment the next line to enable the admin:
+    'django.contrib.staticfiles',
    # 'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
    'rest_framework',
    'rest_framework.authtoken',
    'tests',
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@ -1,4 +1,5 @@
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url, include
 from django.contrib.auth.models import User
 from django.http import HttpResponse
 from django.test import TestCase
@ -19,7 +20,7 @@ from rest_framework.authentication import (
    OAuth2Authentication
 )
 from rest_framework.authtoken.models import Token
-from rest_framework.compat import patterns, url, include, six
+from rest_framework.compat import six
 from rest_framework.compat import oauth2_provider, oauth2_provider_scope
 from rest_framework.compat import oauth, oauth_provider
 from rest_framework.test import APIRequestFactory, APIClient
--- a/tests/test_breadcrumbs.py
+++ b/tests/test_breadcrumbs.py
@ -1,6 +1,6 @@
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url
 from django.test import TestCase
 from rest_framework.compat import patterns, url
 from rest_framework.utils.breadcrumbs import get_breadcrumbs
 from rest_framework.views import APIView
--- a/tests/test_filters.py
+++ b/tests/test_filters.py
@ -5,9 +5,9 @@ from django.db import models
 from django.core.urlresolvers import reverse
 from django.test import TestCase
 from django.utils import unittest
 from django.conf.urls import patterns, url
 from rest_framework import generics, serializers, status, filters
-from rest_framework.compat import django_filters, patterns, url
+from rest_framework.compat import django_filters
 from rest_framework.settings import api_settings
 from rest_framework.test import APIRequestFactory
 from .models import FilterableItem, BasicModel
 from .utils import temporary_setting
--- a/tests/test_genericrelations.py
+++ b/tests/test_genericrelations.py
@ -84,7 +84,7 @@ class TestGenericRelations(TestCase):
                exclude = ('content_type', 'object_id')
        class BookmarkSerializer(serializers.ModelSerializer):
-            tags = TagSerializer()
+            tags = TagSerializer(many=True)
            class Meta:
                model = Bookmark
--- a/tests/test_htmlrenderer.py
+++ b/tests/test_htmlrenderer.py
@ -1,11 +1,11 @@
 from __future__ import unicode_literals
 from django.core.exceptions import PermissionDenied
 from django.conf.urls import patterns, url
 from django.http import Http404
 from django.test import TestCase
 from django.template import TemplateDoesNotExist, Template
 import django.template.loader
 from rest_framework import status
 from rest_framework.compat import patterns, url
 from rest_framework.decorators import api_view, renderer_classes
 from rest_framework.renderers import TemplateHTMLRenderer
 from rest_framework.response import Response
--- a/tests/test_hyperlinkedserializers.py
+++ b/tests/test_hyperlinkedserializers.py
@ -2,7 +2,7 @@ from __future__ import unicode_literals
 import json
 from django.test import TestCase
 from rest_framework import generics, status, serializers
-from rest_framework.compat import patterns, url
+from django.conf.urls import patterns, url
 from rest_framework.settings import api_settings
 from rest_framework.test import APIRequestFactory
 from tests.models import (
@ -25,7 +25,7 @@ class BlogPostCommentSerializer(serializers.ModelSerializer):
 class PhotoSerializer(serializers.Serializer):
    description = serializers.CharField()
-    album_url = serializers.HyperlinkedRelatedField(source='album', view_name='album-detail', queryset=Album.objects.all(), lookup_field='title', slug_url_kwarg='title')
+    album_url = serializers.HyperlinkedRelatedField(source='album', view_name='album-detail', queryset=Album.objects.all(), lookup_field='title')
    def restore_object(self, attrs, instance=None):
        return Photo(**attrs)
--- a/tests/test_nullable_fields.py
+++ b/tests/test_nullable_fields.py
@ -1,6 +1,6 @@
 from django.core.urlresolvers import reverse
-from rest_framework.compat import patterns, url
+from django.conf.urls import patterns, url
 from rest_framework.test import APITestCase
 from tests.models import NullableForeignKeySource
 from tests.serializers import NullableFKSourceSerializer
--- a/tests/test_relations_hyperlink.py
+++ b/tests/test_relations_hyperlink.py
@ -1,7 +1,7 @@
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url
 from django.test import TestCase
 from rest_framework import serializers
 from rest_framework.compat import patterns, url
 from rest_framework.test import APIRequestFactory
 from tests.models import (
    BlogPost,
--- a/tests/test_renderers.py
+++ b/tests/test_renderers.py
@ -2,13 +2,14 @@
 from __future__ import unicode_literals
 from decimal import Decimal
 from django.conf.urls import patterns, url, include
 from django.core.cache import cache
 from django.db import models
 from django.test import TestCase
 from django.utils import unittest
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import status, permissions
-from rest_framework.compat import yaml, etree, patterns, url, include, six, StringIO
+from rest_framework.compat import yaml, etree, six, StringIO
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.renderers import BaseRenderer, JSONRenderer, YAMLRenderer, \
--- a/tests/test_request.py
+++ b/tests/test_request.py
@ -2,6 +2,7 @@
 Tests for content parsing, and form-overloaded content parsing.
 """
 from __future__ import unicode_literals
 from django.conf.urls import patterns
 from django.contrib.auth.models import User
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.sessions.middleware import SessionMiddleware
@ -9,7 +10,6 @@ from django.core.handlers.wsgi import WSGIRequest
 from django.test import TestCase
 from rest_framework import status
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.compat import patterns
 from rest_framework.parsers import (
    BaseParser,
    FormParser,
--- a/tests/test_response.py
+++ b/tests/test_response.py
@ -1,7 +1,7 @@
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url, include
 from django.test import TestCase
 from tests.models import BasicModel, BasicModelSerializer
 from rest_framework.compat import patterns, url, include
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework import generics
--- a/tests/test_reverse.py
+++ b/tests/test_reverse.py
@ -1,6 +1,6 @@
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url
 from django.test import TestCase
 from rest_framework.compat import patterns, url
 from rest_framework.reverse import reverse
 from rest_framework.test import APIRequestFactory
--- a/tests/test_routers.py
+++ b/tests/test_routers.py
@ -1,10 +1,10 @@
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url, include
 from django.db import models
 from django.test import TestCase
 from django.core.exceptions import ImproperlyConfigured
 from rest_framework import serializers, viewsets, permissions
-from rest_framework.compat import include, patterns, url
+from rest_framework.decorators import detail_route, list_route
 from rest_framework.decorators import link, action
 from rest_framework.response import Response
 from rest_framework.routers import SimpleRouter, DefaultRouter
 from rest_framework.test import APIRequestFactory
@ -18,23 +18,23 @@ class BasicViewSet(viewsets.ViewSet):
    def list(self, request, *args, **kwargs):
        return Response({'method': 'list'})
-    @action()
+    @detail_route(methods=['post'])
    def action1(self, request, *args, **kwargs):
        return Response({'method': 'action1'})
-    @action()
+    @detail_route(methods=['post'])
    def action2(self, request, *args, **kwargs):
        return Response({'method': 'action2'})
-    @action(methods=['post', 'delete'])
+    @detail_route(methods=['post', 'delete'])
    def action3(self, request, *args, **kwargs):
        return Response({'method': 'action2'})
-    @link()
+    @detail_route()
    def link1(self, request, *args, **kwargs):
        return Response({'method': 'link1'})
-    @link()
+    @detail_route()
    def link2(self, request, *args, **kwargs):
        return Response({'method': 'link2'})
@ -121,6 +121,27 @@ class TestCustomLookupFields(TestCase):
        )
 class TestLookupValueRegex(TestCase):
    """
    Ensure the router honors lookup_value_regex when applied
    to the viewset.
    """
    def setUp(self):
        class NoteViewSet(viewsets.ModelViewSet):
            queryset = RouterTestModel.objects.all()
            lookup_field = 'uuid'
            lookup_value_regex = '[0-9a-f]{32}'
        self.router = SimpleRouter()
        self.router.register(r'notes', NoteViewSet)
        self.urls = self.router.urls
    def test_urls_limited_by_lookup_value_regex(self):
        expected = ['^notes/$', '^notes/(?P<uuid>[0-9a-f]{32})/$']
        for idx in range(len(expected)):
            self.assertEqual(expected[idx], self.urls[idx].regex.pattern)
 class TestTrailingSlashIncluded(TestCase):
    def setUp(self):
        class NoteViewSet(viewsets.ModelViewSet):
@ -131,7 +152,7 @@ class TestTrailingSlashIncluded(TestCase):
        self.urls = self.router.urls
    def test_urls_have_trailing_slash_by_default(self):
-        expected = ['^notes/$', '^notes/(?P<pk>[^/]+)/$']
+        expected = ['^notes/$', '^notes/(?P<pk>[^/.]+)/$']
        for idx in range(len(expected)):
            self.assertEqual(expected[idx], self.urls[idx].regex.pattern)
@ -175,7 +196,7 @@ class TestActionKeywordArgs(TestCase):
        class TestViewSet(viewsets.ModelViewSet):
            permission_classes = []
-            @action(permission_classes=[permissions.AllowAny])
+            @detail_route(methods=['post'], permission_classes=[permissions.AllowAny])
            def custom(self, request, *args, **kwargs):
                return Response({
                    'permission_classes': self.permission_classes
@ -196,14 +217,14 @@ class TestActionKeywordArgs(TestCase):
 class TestActionAppliedToExistingRoute(TestCase):
    """
-    Ensure `@action` decorator raises an except when applied
+    Ensure `@detail_route` decorator raises an except when applied
    to an existing route
    """
    def test_exception_raised_when_action_applied_to_existing_route(self):
        class TestViewSet(viewsets.ModelViewSet):
-            @action()
+            @detail_route(methods=['post'])
            def retrieve(self, request, *args, **kwargs):
                return Response({
                    'hello': 'world'
@ -214,3 +235,49 @@ class TestActionAppliedToExistingRoute(TestCase):
        with self.assertRaises(ImproperlyConfigured):
            self.router.urls
 class DynamicListAndDetailViewSet(viewsets.ViewSet):
    def list(self, request, *args, **kwargs):
        return Response({'method': 'list'})
    @list_route(methods=['post'])
    def list_route_post(self, request, *args, **kwargs):
        return Response({'method': 'action1'})
    @detail_route(methods=['post'])
    def detail_route_post(self, request, *args, **kwargs):
        return Response({'method': 'action2'})
    @list_route()
    def list_route_get(self, request, *args, **kwargs):
        return Response({'method': 'link1'})
    @detail_route()
    def detail_route_get(self, request, *args, **kwargs):
        return Response({'method': 'link2'})
 class TestDynamicListAndDetailRouter(TestCase):
    def setUp(self):
        self.router = SimpleRouter()
    def test_list_and_detail_route_decorators(self):
        routes = self.router.get_routes(DynamicListAndDetailViewSet)
        decorator_routes = [r for r in routes if not (r.name.endswith('-list') or r.name.endswith('-detail'))]
        # Make sure all these endpoints exist and none have been clobbered
        for i, endpoint in enumerate(['list_route_get', 'list_route_post', 'detail_route_get', 'detail_route_post']):
            route = decorator_routes[i]
            # check url listing
            if endpoint.startswith('list_'):
                self.assertEqual(route.url,
                                 '^{{prefix}}/{0}{{trailing_slash}}$'.format(endpoint))
            else:
                self.assertEqual(route.url,
                                 '^{{prefix}}/{{lookup}}/{0}{{trailing_slash}}$'.format(endpoint))
            # check method to function mapping
            if endpoint.endswith('_post'):
                method_map = 'post'
            else:
                method_map = 'get'
            self.assertEqual(route.mapping[method_map], endpoint)
--- a/tests/test_serializer.py
+++ b/tests/test_serializer.py
@ -30,6 +30,7 @@ if PIL is not None:
        image_field = models.ImageField(upload_to='test', max_length=1024, blank=True)
        slug_field = models.SlugField(max_length=1024, blank=True)
        url_field = models.URLField(max_length=1024, blank=True)
        nullable_char_field = models.CharField(max_length=1024, blank=True, null=True)
    class DVOAFModel(RESTFrameworkModel):
        positive_integer_field = models.PositiveIntegerField(blank=True)
@ -660,7 +661,7 @@ class ModelValidationTests(TestCase):
        second_serializer = AlbumsSerializer(data={'title': 'a'})
        self.assertFalse(second_serializer.is_valid())
        self.assertEqual(second_serializer.errors,  {'title': ['Album with this Title already exists.'],})
-        third_serializer = AlbumsSerializer(data=[{'title': 'b', 'ref': '1'}, {'title': 'c'}])
+        third_serializer = AlbumsSerializer(data=[{'title': 'b', 'ref': '1'}, {'title': 'c'}], many=True)
        self.assertFalse(third_serializer.is_valid())
        self.assertEqual(third_serializer.errors,  [{'ref': ['Album with this Ref already exists.']}, {}])
@ -1257,6 +1258,20 @@ class BlankFieldTests(TestCase):
        serializer = self.model_serializer_class(data={})
        self.assertEqual(serializer.is_valid(), True)
    def test_create_model_null_field_save(self):
        """
        Regression test for #1330.
        https://github.com/tomchristie/django-rest-framework/pull/1330
        """
        serializer = self.model_serializer_class(data={'title': None})
        self.assertEqual(serializer.is_valid(), True)
        try:
            serializer.save()
        except Exception:
            self.fail('Exception raised on save() after validation passes')
 #test for issue #460
 class SerializerPickleTests(TestCase):
@ -1491,7 +1506,7 @@ class NestedSerializerContextTests(TestCase):
                model = Album
                fields = ("photo_set", "callable")
-            photo_set = PhotoSerializer(source="photo_set")
+            photo_set = PhotoSerializer(source="photo_set", many=True)
            callable = serializers.SerializerMethodField("_callable")
            def _callable(self, instance):
@ -1503,7 +1518,7 @@ class NestedSerializerContextTests(TestCase):
            albums = None
        class AlbumCollectionSerializer(serializers.Serializer):
-            albums = AlbumSerializer(source="albums")
+            albums = AlbumSerializer(source="albums", many=True)
        album1 = Album.objects.create(title="album 1")
        album2 = Album.objects.create(title="album 2")
@ -1660,6 +1675,10 @@ class AttributeMappingOnAutogeneratedFieldsTests(TestCase):
            'url_field': [
                ('max_length', 1024),
            ],
            'nullable_char_field': [
                ('max_length', 1024),
                ('allow_none', True),
            ],
        }
    def field_test(self, field):
@ -1696,6 +1715,9 @@ class AttributeMappingOnAutogeneratedFieldsTests(TestCase):
    def test_url_field(self):
        self.field_test('url_field')
    def test_nullable_char_field(self):
        self.field_test('nullable_char_field')
@unittest.skipUnless(PIL is not None, 'PIL is not installed')
 class DefaultValuesOnAutogeneratedFieldsTests(TestCase):
--- a/tests/test_testing.py
+++ b/tests/test_testing.py
@ -1,11 +1,11 @@
 # -- coding: utf-8 --
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url
 from io import BytesIO
 from django.contrib.auth.models import User
 from django.test import TestCase
 from rest_framework.compat import patterns, url
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
 from rest_framework.test import APIClient, APIRequestFactory, force_authenticate
--- a/tests/test_throttling.py
+++ b/tests/test_throttling.py
@ -5,6 +5,7 @@ from __future__ import unicode_literals
 from django.test import TestCase
 from django.contrib.auth.models import User
 from django.core.cache import cache
 from rest_framework.settings import api_settings
 from rest_framework.test import APIRequestFactory
 from rest_framework.views import APIView
 from rest_framework.throttling import BaseThrottle, UserRateThrottle, ScopedRateThrottle
@ -275,3 +276,68 @@ class ScopedRateThrottleTests(TestCase):
            self.increment_timer()
            response = self.unscoped_view(request)
            self.assertEqual(200, response.status_code)
 class XffTestingBase(TestCase):
    def setUp(self):
        class Throttle(ScopedRateThrottle):
            THROTTLE_RATES = {'test_limit': '1/day'}
            TIMER_SECONDS = 0
            timer = lambda self: self.TIMER_SECONDS
        class View(APIView):
            throttle_classes = (Throttle,)
            throttle_scope = 'test_limit'
            def get(self, request):
                return Response('test_limit')
        cache.clear()
        self.throttle = Throttle()
        self.view = View.as_view()
        self.request = APIRequestFactory().get('/some_uri')
        self.request.META['REMOTE_ADDR'] = '3.3.3.3'
        self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 1.1.1.1, 2.2.2.2'
    def config_proxy(self, num_proxies):
        setattr(api_settings, 'NUM_PROXIES', num_proxies)
 class IdWithXffBasicTests(XffTestingBase):
    def test_accepts_request_under_limit(self):
        self.config_proxy(0)
        self.assertEqual(200, self.view(self.request).status_code)
    def test_denies_request_over_limit(self):
        self.config_proxy(0)
        self.view(self.request)
        self.assertEqual(429, self.view(self.request).status_code)
 class XffSpoofingTests(XffTestingBase):
    def test_xff_spoofing_doesnt_change_machine_id_with_one_app_proxy(self):
        self.config_proxy(1)
        self.view(self.request)
        self.request.META['HTTP_X_FORWARDED_FOR'] = '4.4.4.4, 5.5.5.5, 2.2.2.2'
        self.assertEqual(429, self.view(self.request).status_code)
    def test_xff_spoofing_doesnt_change_machine_id_with_two_app_proxies(self):
        self.config_proxy(2)
        self.view(self.request)
        self.request.META['HTTP_X_FORWARDED_FOR'] = '4.4.4.4, 1.1.1.1, 2.2.2.2'
        self.assertEqual(429, self.view(self.request).status_code)
 class XffUniqueMachinesTest(XffTestingBase):
    def test_unique_clients_are_counted_independently_with_one_proxy(self):
        self.config_proxy(1)
        self.view(self.request)
        self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 1.1.1.1, 7.7.7.7'
        self.assertEqual(200, self.view(self.request).status_code)
    def test_unique_clients_are_counted_independently_with_two_proxies(self):
        self.config_proxy(2)
        self.view(self.request)
        self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 7.7.7.7, 2.2.2.2'
        self.assertEqual(200, self.view(self.request).status_code)
--- a/tests/test_urlpatterns.py
+++ b/tests/test_urlpatterns.py
@ -1,9 +1,9 @@
 from __future__ import unicode_literals
 from collections import namedtuple
 from django.conf.urls import patterns, url, include
 from django.core import urlresolvers
 from django.test import TestCase
 from rest_framework.test import APIRequestFactory
 from rest_framework.compat import patterns, url, include
 from rest_framework.urlpatterns import format_suffix_patterns
--- a/tox.ini
+++ b/tox.ini
@ -1,6 +1,6 @@
 [tox]
 downloadcache = {toxworkdir}/cache/
-envlist = py3.3-django1.7,py3.2-django1.7,py2.7-django1.7,py3.3-django1.6,py3.2-django1.6,py2.7-django1.6,py2.6-django1.6,py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.6-django1.5,py2.7-django1.4,py2.6-django1.4,py2.7-django1.3,py2.6-django1.3
+envlist = py3.3-django1.7,py3.2-django1.7,py2.7-django1.7,py3.3-django1.6,py3.2-django1.6,py2.7-django1.6,py2.6-django1.6,py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.6-django1.5,py2.7-django1.4,py2.6-django1.4
 [testenv]
 commands = py.test -q
@ -136,27 +136,3 @@ deps = django==1.4.11
       django-guardian==1.1.1
       Pillow==2.3.0
       pytest-django==2.6.1
 [testenv:py2.7-django1.3]
 basepython = python2.7
 deps = django==1.3.5
       django-filter==0.5.4
       defusedxml==0.3
       django-oauth-plus==2.2.1
       oauth2==1.5.211
       django-oauth2-provider==0.2.3
       django-guardian==1.1.1
       Pillow==2.3.0
       pytest-django==2.6.1
 [testenv:py2.6-django1.3]
 basepython = python2.6
 deps = django==1.3.5
       django-filter==0.5.4
       defusedxml==0.3
       django-oauth-plus==2.2.1
       oauth2==1.5.211
       django-oauth2-provider==0.2.3
       django-guardian==1.1.1
       Pillow==2.3.0
       pytest-django==2.6.1