From 7dc3dbbad1edaac1ac16ef51040f9ff3138fad4e Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Thu, 6 Mar 2014 09:02:46 +0000
Subject: [PATCH] Update docs

---
 api-guide/authentication.html                  |  7 +++++--
 api-guide/serializers.html                     |  2 +-
 topics/contributing.html                       |  8 ++++----
 topics/release-notes.html                      | 10 ++++++++++
 tutorial/4-authentication-and-permissions.html |  2 +-
 5 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/api-guide/authentication.html b/api-guide/authentication.html
index 2265deb1b..f8e753996 100644
--- a/api-guide/authentication.html
+++ b/api-guide/authentication.html
@@ -186,6 +186,7 @@
 <li><a href="#django-oauth-toolkit">Django OAuth Toolkit</a></li>
 <li><a href="#django-oauth2-consumer">Django OAuth2 Consumer</a></li>
 <li><a href="#json-web-token-authentication">JSON Web Token Authentication</a></li>
+<li><a href="#hawk-http-authentication">Hawk HTTP Authentication</a></li>
 <li><a href="#http-signature-authentication">HTTP Signature Authentication</a></li>
 
               <div>
@@ -268,7 +269,7 @@ def example_view(request, format=None):
 <h2 id="apache-mod_wsgi-specific-configuration">Apache mod_wsgi specific configuration</h2>
 <p>Note that if deploying to <a href="http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization">Apache using mod_wsgi</a>, the authorization header is not passed through to a WSGI application by default, as it is assumed that authentication will be handled by Apache, rather than at an application level.</p>
 <p>If you are deploying to Apache, and using any non-session based authentication, you will need to explicitly configure mod_wsgi to pass the required headers through to the application.  This can be done by specifying the <code>WSGIPassAuthorization</code> directive in the appropriate context and setting it to <code>'On'</code>.</p>
-<pre class="prettyprint lang-py"><code># this can go in either server config, virtual host, directory or .htaccess 
+<pre class="prettyprint lang-py"><code># this can go in either server config, virtual host, directory or .htaccess
 WSGIPassAuthorization On
 </code></pre>
 <hr />
@@ -285,7 +286,7 @@ WSGIPassAuthorization On
 </code></pre>
 <p><strong>Note:</strong> If you use <code>BasicAuthentication</code> in production you must ensure that your API is only available over <code>https</code>.  You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage.</p>
 <h2 id="tokenauthentication">TokenAuthentication</h2>
-<p>This authentication scheme uses a simple token-based HTTP Authentication scheme.  Token authentication is appropriate for client-server setups, such as native desktop and mobile clients. </p>
+<p>This authentication scheme uses a simple token-based HTTP Authentication scheme.  Token authentication is appropriate for client-server setups, such as native desktop and mobile clients.</p>
 <p>To use the <code>TokenAuthentication</code> scheme, include <code>rest_framework.authtoken</code> in your <code>INSTALLED_APPS</code> setting:</p>
 <pre class="prettyprint lang-py"><code>INSTALLED_APPS = (
     ...
@@ -482,6 +483,8 @@ class ExampleAuthentication(authentication.BaseAuthentication):
 <p>The <a href="https://github.com/Rediker-Software/doac">Django OAuth2 Consumer</a> library from <a href="https://github.com/Rediker-Software">Rediker Software</a> is another package that provides <a href="https://github.com/Rediker-Software/doac/blob/master/docs/integrations.md#">OAuth 2.0 support for REST framework</a>.  The package includes token scoping permissions on tokens, which allows finer-grained access to your API.</p>
 <h2 id="json-web-token-authentication">JSON Web Token Authentication</h2>
 <p>JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. <a href="https://github.com/GetBlimp">Blimp</a> maintains the <a href="https://github.com/GetBlimp/django-rest-framework-jwt">djangorestframework-jwt</a> package which provides a JWT Authentication class as well as a mechanism for clients to obtain a JWT given the username and password.</p>
+<h2 id="hawk-http-authentication">Hawk HTTP Authentication</h2>
+<p>The <a href="http://hawkrest.readthedocs.org/en/latest/">HawkREST</a> library builds on the <a href="http://mohawk.readthedocs.org/en/latest/">Mohawk</a> library to let you work with <a href="https://github.com/hueniverse/hawk">Hawk</a> signed requests and responses in your API. <a href="https://github.com/hueniverse/hawk">Hawk</a> lets two parties securely communicate with each other using messages signed by a shared key. It is based on <a href="http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05">HTTP MAC access authentication</a> (which was based on parts of <a href="http://oauth.net/core/1.0a">OAuth 1.0</a>).</p>
 <h2 id="http-signature-authentication">HTTP Signature Authentication</h2>
 <p>HTTP Signature (currently a <a href="https://datatracker.ietf.org/doc/draft-cavage-http-signatures/">IETF draft</a>) provides a way to achieve origin authentication and message integrity for HTTP messages. Similar to <a href="http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Amazon's HTTP Signature scheme</a>, used by many of its services, it permits stateless, per-request authentication. <a href="https://github.com/etoccalino/">Elvio Toccalino</a> maintains the <a href="https://github.com/etoccalino/django-rest-framework-httpsignature">djangorestframework-httpsignature</a> package which provides an easy to use HTTP Signature Authentication mechanism.</p>
           </div><!--/span-->
diff --git a/api-guide/serializers.html b/api-guide/serializers.html
index 97cff7b8d..2536b149b 100644
--- a/api-guide/serializers.html
+++ b/api-guide/serializers.html
@@ -332,7 +332,7 @@ class EventSerializer(serializers.Serializer):
         """
         Check that the start is before the stop.
         """
-        if attrs['start'] &lt; attrs['finish']:
+        if attrs['start'] &gt; attrs['finish']:
             raise serializers.ValidationError("finish must occur after start")
         return attrs
 </code></pre>
diff --git a/topics/contributing.html b/topics/contributing.html
index c9b1956ce..6da9761c0 100644
--- a/topics/contributing.html
+++ b/topics/contributing.html
@@ -206,7 +206,7 @@
 <p>The most important thing you can do to help push the REST framework project forward is to be actively involved wherever possible.  Code contributions are often overvalued as being the primary way to get involved in a project, we don't believe that needs to be the case.</p>
 <p>If you use REST framework, we'd love you to be vocal about your experiences with it - you might consider writing a blog post about using REST framework, or publishing a tutorial about building a project with a particular Javascript framework.  Experiences from beginners can be particularly helpful because you'll be in the best position to assess which bits of REST framework are more difficult to understand and work with.</p>
 <p>Other really great ways you can help move the community forward include helping answer questions on the <a href="https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework">discussion group</a>, or setting up an <a href="http://stackexchange.com/filters/66475/rest-framework">email alert on StackOverflow</a> so that you get notified of any new questions with the <code>django-rest-framework</code> tag.</p>
-<p>When answering questions make sure to help future contributors find their way around by hyperlinking wherever possible to related threads and tickets, and include backlinks from those items if relevant. </p>
+<p>When answering questions make sure to help future contributors find their way around by hyperlinking wherever possible to related threads and tickets, and include backlinks from those items if relevant.</p>
 <h2 id="code-of-conduct">Code of conduct</h2>
 <p>Please keep the tone polite &amp; professional.  For some users a discussion on the REST framework mailing list or ticket tracker may be their first engagement with the open source community.  First impressions count, so let's try to make everyone feel welcome.</p>
 <p>Be mindful in the language you choose.  As an example, in an environment that is heavily male-dominated, posts that start 'Hey guys,' can come across as unintentionally exclusive.  It's just as easy, and more inclusive to use gender neutral language in those situations.</p>
@@ -222,7 +222,7 @@
 <li>Closing an issue doesn't necessarily mean the end of a discussion.  If you believe your issue has been closed incorrectly, explain why and we'll consider if it needs to be reopened.</li>
 </ul>
 <h2 id="triaging-issues">Triaging issues</h2>
-<p>Getting involved in triaging incoming issues is a good way to start contributing.  Every single ticket that comes into the ticket tracker needs to be reviewed in order to determine what the next steps should be.  Anyone can help out with this, you just need to be willing to </p>
+<p>Getting involved in triaging incoming issues is a good way to start contributing.  Every single ticket that comes into the ticket tracker needs to be reviewed in order to determine what the next steps should be.  Anyone can help out with this, you just need to be willing to</p>
 <ul>
 <li>Read through the ticket - does it make sense, is it missing any context that would help explain it better?</li>
 <li>Is the ticket reported in the correct place, would it be better suited as a discussion on the discussion group?</li>
@@ -246,7 +246,7 @@ pip install -r optionals.txt
 # Run the tests
 rest_framework/runtests/runtests.py
 </code></pre>
-<p>You can also use the excellent <code>[tox][tox]</code> testing tool to run the tests against all supported versions of Python and Django.  Install <code>tox</code> globally, and then simply run:</p>
+<p>You can also use the excellent <a href="http://tox.readthedocs.org/en/latest/">tox</a> testing tool to run the tests against all supported versions of Python and Django.  Install <code>tox</code> globally, and then simply run:</p>
 <pre class="prettyprint lang-py"><code>tox
 </code></pre>
 <h2 id="pull-requests">Pull requests</h2>
@@ -285,7 +285,7 @@ rest_framework/runtests/runtests.py
 <p>Headers should use the hash style.  For example:</p>
 <pre class="prettyprint lang-py"><code>### Some important topic
 </code></pre>
-<p>The underline style should not be used.  <strong>Don't do this:</strong> </p>
+<p>The underline style should not be used.  <strong>Don't do this:</strong></p>
 <pre class="prettyprint lang-py"><code>Some important topic
 ====================
 </code></pre>
diff --git a/topics/release-notes.html b/topics/release-notes.html
index 91ed440eb..50e061c10 100644
--- a/topics/release-notes.html
+++ b/topics/release-notes.html
@@ -225,6 +225,16 @@
 </code></pre>
 <hr />
 <h2 id="23x-series">2.3.x series</h2>
+<h3 id="2313">2.3.13</h3>
+<p><strong>Date</strong>: 6th March 2014</p>
+<ul>
+<li>Django 1.7 Support.</li>
+<li>Fix <code>default</code> argument when used with serializer relation fields.</li>
+<li>Display the media type of the content that is being displayed in the browsable API, rather than 'text/html'.</li>
+<li>Bugfix for <code>urlize</code> template failure when URL regex is matched, but value does not <code>urlparse</code>.</li>
+<li>Use <code>urandom</code> for token generation.</li>
+<li>Only use <code>Vary: Accept</code> when more than one renderer exists.</li>
+</ul>
 <h3 id="2312">2.3.12</h3>
 <p><strong>Date</strong>: 15th January 2014</p>
 <ul>
diff --git a/tutorial/4-authentication-and-permissions.html b/tutorial/4-authentication-and-permissions.html
index 65cc65e22..d2f2f8033 100644
--- a/tutorial/4-authentication-and-permissions.html
+++ b/tutorial/4-authentication-and-permissions.html
@@ -290,7 +290,7 @@ url(r'^users/(?P&lt;pk&gt;[0-9]+)/$', views.UserDetail.as_view()),
 </code></pre>
 <h2 id="adding-login-to-the-browsable-api">Adding login to the Browsable API</h2>
 <p>If you open a browser and navigate to the browsable API at the moment, you'll find that you're no longer able to create new code snippets.  In order to do so we'd need to be able to login as a user.</p>
-<p>We can add a login view for use with the browsable API, by editing our URLconf once more.</p>
+<p>We can add a login view for use with the browsable API, by editing the URLconf in our project-level urls.py file.</p>
 <p>Add the following import at the top of the file:</p>
 <pre class="prettyprint lang-py"><code>from django.conf.urls import include
 </code></pre>