diff --git a/README.md b/README.md
index bf4016751..e6e43047e 100644
--- a/README.md
+++ b/README.md
@@ -21,14 +21,14 @@ The initial aim is to provide a single full-time position on REST framework.
[![][sentry-img]][sentry-url]
[![][stream-img]][stream-url]
-[![][rollbar-img]][rollbar-url]
-[![][esg-img]][esg-url]
+[![][spacinov-img]][spacinov-url]
[![][retool-img]][retool-url]
[![][bitio-img]][bitio-url]
[![][posthog-img]][posthog-url]
[![][cryptapi-img]][cryptapi-url]
+[![][fezto-img]][fezto-url]
-Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry][sentry-url], [Stream][stream-url], [Rollbar][rollbar-url], [ESG][esg-url], [Retool][retool-url], [bit.io][bitio-url], [PostHog][posthog-url], and [CryptAPI][cryptapi-url].
+Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry][sentry-url], [Stream][stream-url], [Spacinov][spacinov-url], [Retool][retool-url], [bit.io][bitio-url], [PostHog][posthog-url], [CryptAPI][cryptapi-url], and [FEZTO][fezto-url].
---
@@ -55,7 +55,7 @@ There is a live example API for testing purposes, [available here][sandbox].
# Requirements
* Python (3.6, 3.7, 3.8, 3.9, 3.10)
-* Django (2.2, 3.0, 3.1, 3.2, 4.0)
+* Django (2.2, 3.0, 3.1, 3.2, 4.0, 4.1)
We **highly recommend** and only officially support the latest patch release of
each Python and Django series.
@@ -194,21 +194,21 @@ Please see the [security policy][security-policy].
[sentry-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/sentry-readme.png
[stream-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/stream-readme.png
-[rollbar-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/rollbar-readme.png
-[esg-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/esg-readme.png
+[spacinov-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/spacinov-readme.png
[retool-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/retool-readme.png
[bitio-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/bitio-readme.png
[posthog-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/posthog-readme.png
[cryptapi-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/cryptapi-readme.png
+[fezto-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/fezto-readme.png
[sentry-url]: https://getsentry.com/welcome/
[stream-url]: https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage
-[rollbar-url]: https://rollbar.com/?utm_source=django&utm_medium=sponsorship&utm_campaign=freetrial
-[esg-url]: https://software.esg-usa.com/
+[spacinov-url]: https://www.spacinov.com/
[retool-url]: https://retool.com/?utm_source=djangorest&utm_medium=sponsorship
[bitio-url]: https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship
[posthog-url]: https://posthog.com?utm_source=drf&utm_medium=sponsorship&utm_campaign=open-source-sponsorship
[cryptapi-url]: https://cryptapi.io
+[fezto-url]: https://www.fezto.xyz/?utm_source=DjangoRESTFramework
[oauth1-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-rest-framework-oauth
[oauth2-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index 2f23e1718..fca9374d0 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -120,6 +120,14 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
## TokenAuthentication
+---
+
+**Note:** The token authentication provided by Django REST framework is a fairly simple implementation.
+
+For an implementation which allows more than one token per user, has some tighter security implementation details, and supports token expiry, please see the [Django REST Knox][django-rest-knox] third party package.
+
+---
+
This authentication scheme uses a simple token-based HTTP Authentication scheme. Token authentication is appropriate for client-server setups, such as native desktop and mobile clients.
To use the `TokenAuthentication` scheme you'll need to [configure the authentication classes](#setting-the-authentication-scheme) to include `TokenAuthentication`, and additionally include `rest_framework.authtoken` in your `INSTALLED_APPS` setting:
@@ -129,11 +137,9 @@ To use the `TokenAuthentication` scheme you'll need to [configure the authentica
'rest_framework.authtoken'
]
----
+Make sure to run `manage.py migrate` after changing your settings.
-**Note:** Make sure to run `manage.py migrate` after changing your settings. The `rest_framework.authtoken` app provides Django database migrations.
-
----
+The `rest_framework.authtoken` app provides Django database migrations.
You'll also need to create tokens for your users.
@@ -146,7 +152,7 @@ For clients to authenticate, the token key should be included in the `Authorizat
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
-**Note:** If you want to use a different keyword in the header, such as `Bearer`, simply subclass `TokenAuthentication` and set the `keyword` class variable.
+*If you want to use a different keyword in the header, such as `Bearer`, simply subclass `TokenAuthentication` and set the `keyword` class variable.*
If successfully authenticated, `TokenAuthentication` provides the following credentials.
@@ -355,6 +361,10 @@ The following example will authenticate any incoming request as the user given b
The following third-party packages are also available.
+## django-rest-knox
+
+[Django-rest-knox][django-rest-knox] library provides models and views to handle token-based authentication in a more secure and extensible way than the built-in TokenAuthentication scheme - with Single Page Applications and Mobile clients in mind. It provides per-client tokens, and views to generate them when provided some other authentication (usually basic authentication), to delete the token (providing a server enforced logout) and to delete all tokens (logs out all clients that a user is logged into).
+
## Django OAuth Toolkit
The [Django OAuth Toolkit][django-oauth-toolkit] package provides OAuth 2.0 support and works with Python 3.4+. The package is maintained by [jazzband][jazzband] and uses the excellent [OAuthLib][oauthlib]. The package is well documented, and well supported and is currently our **recommended package for OAuth 2.0 support**.
@@ -422,11 +432,7 @@ There are currently two forks of this project.
## drf-social-oauth2
-[Drf-social-oauth2][drf-social-oauth2] is a framework that helps you authenticate with major social oauth2 vendors, such as Facebook, Google, Twitter, Orcid, etc. It generates tokens in a JWTed way with an easy setup.
-
-## django-rest-knox
-
-[Django-rest-knox][django-rest-knox] library provides models and views to handle token-based authentication in a more secure and extensible way than the built-in TokenAuthentication scheme - with Single Page Applications and Mobile clients in mind. It provides per-client tokens, and views to generate them when provided some other authentication (usually basic authentication), to delete the token (providing a server enforced logout) and to delete all tokens (logs out all clients that a user is logged into).
+[Drf-social-oauth2][drf-social-oauth2] is a framework that helps you authenticate with major social oauth2 vendors, such as Facebook, Google, Twitter, Orcid, etc. It generates tokens in a JWTed way with an easy setup.
## drfpasswordless
diff --git a/docs/api-guide/exceptions.md b/docs/api-guide/exceptions.md
index e62a7e4f9..347541d56 100644
--- a/docs/api-guide/exceptions.md
+++ b/docs/api-guide/exceptions.md
@@ -260,6 +260,15 @@ Set as `handler400`:
handler400 = 'rest_framework.exceptions.bad_request'
+# Third party packages
+
+The following third-party packages are also available.
+
+## DRF Standardized Errors
+
+The [drf-standardized-errors][drf-standardized-errors] package provides an exception handler that generates the same format for all 4xx and 5xx responses. It is a drop-in replacement for the default exception handler and allows customizing the error response format without rewriting the whole exception handler. The standardized error response format is easier to document and easier to handle by API consumers.
+
[cite]: https://doughellmann.com/blog/2009/06/19/python-exception-handling-techniques/
[authentication]: authentication.md
[django-custom-error-views]: https://docs.djangoproject.com/en/dev/topics/http/views/#customizing-error-views
+[drf-standardized-errors]: https://github.com/ghazi-git/drf-standardized-errors
diff --git a/docs/api-guide/fields.md b/docs/api-guide/fields.md
index 5b9688dca..e9ef5c6b6 100644
--- a/docs/api-guide/fields.md
+++ b/docs/api-guide/fields.md
@@ -42,7 +42,7 @@ Set to false if this field is not required to be present during deserialization.
Setting this to `False` also allows the object attribute or dictionary key to be omitted from output when serializing the instance. If the key is not present it will simply not be included in the output representation.
-Defaults to `True`.
+Defaults to `True`. If you're using [Model Serializer](https://www.django-rest-framework.org/api-guide/serializers/#modelserializer) default value will be `False` if you have specified `blank=True` or `default` or `null=True` at your field in your `Model`.
### `default`
diff --git a/docs/api-guide/routers.md b/docs/api-guide/routers.md
index 8d8594eee..70c05fdde 100644
--- a/docs/api-guide/routers.md
+++ b/docs/api-guide/routers.md
@@ -338,5 +338,5 @@ The [`DRF-extensions` package][drf-extensions] provides [routers][drf-extensions
[drf-extensions-nested-viewsets]: https://chibisov.github.io/drf-extensions/docs/#nested-routes
[drf-extensions-collection-level-controllers]: https://chibisov.github.io/drf-extensions/docs/#collection-level-controllers
[drf-extensions-customizable-endpoint-names]: https://chibisov.github.io/drf-extensions/docs/#controller-endpoint-name
-[url-namespace-docs]: https://docs.djangoproject.com/en/1.11/topics/http/urls/#url-namespaces
-[include-api-reference]: https://docs.djangoproject.com/en/2.0/ref/urls/#include
+[url-namespace-docs]: https://docs.djangoproject.com/en/4.0/topics/http/urls/#url-namespaces
+[include-api-reference]: https://docs.djangoproject.com/en/4.0/ref/urls/#include
diff --git a/docs/api-guide/schemas.md b/docs/api-guide/schemas.md
index b9de6745f..004e2d3ce 100644
--- a/docs/api-guide/schemas.md
+++ b/docs/api-guide/schemas.md
@@ -165,7 +165,7 @@ In order to customize the top-level schema, subclass
as an argument to the `generateschema` command or `get_schema_view()` helper
function.
-### get_schema(self, request)
+### get_schema(self, request=None, public=False)
Returns a dictionary that represents the OpenAPI schema:
@@ -313,6 +313,11 @@ Computes the component's name from the serializer.
You may see warnings if your API has duplicate component names. If so you can override `get_component_name()` or pass the `component_name` `__init__()` kwarg (see below) to provide different names.
+#### `get_reference()`
+
+Returns a reference to the serializer component. This may be useful if you override `get_schema()`.
+
+
#### `map_serializer()`
Maps serializers to their OpenAPI representations.
diff --git a/docs/community/funding.md b/docs/community/funding.md
index 662e3d5d9..2158cd38f 100644
--- a/docs/community/funding.md
+++ b/docs/community/funding.md
@@ -137,7 +137,7 @@ REST framework continues to be open-source and permissively licensed, but we fir
## What future funding will enable
* Realtime API support, using WebSockets. This will consist of documentation and support for using REST framework together with Django Channels, plus integrating WebSocket support into the client libraries.
-* Better authentication defaults, possibly bringing JWT & CORs support into the core package.
+* Better authentication defaults, possibly bringing JWT & CORS support into the core package.
* Securing the community & operations manager position long-term.
* Opening up and securing a part-time position to focus on ticket triage and resolution.
* Paying for development time on building API client libraries in a range of programming languages. These would be integrated directly into the upcoming API documentation.
diff --git a/docs/community/jobs.md b/docs/community/jobs.md
index 5f3d60b55..ce85b7570 100644
--- a/docs/community/jobs.md
+++ b/docs/community/jobs.md
@@ -11,7 +11,7 @@ Looking for a new Django REST Framework related role? On this site we provide a
* [https://djangojobs.net/jobs/][django-jobs-net]
* [https://findwork.dev/django-rest-framework-jobs][findwork-dev]
* [https://www.indeed.com/q-Django-jobs.html][indeed-com]
-* [https://stackoverflow.com/jobs/developer-jobs-using-django][stackoverflow-com]
+* [https://stackoverflow.com/jobs/companies?tl=django][stackoverflow-com]
* [https://www.upwork.com/o/jobs/browse/skill/django-framework/][upwork-com]
* [https://www.technojobs.co.uk/django-jobs][technobjobs-co-uk]
* [https://remoteok.io/remote-django-jobs][remoteok-io]
@@ -29,7 +29,7 @@ Wonder how else you can help? One of the best ways you can help Django REST Fram
[django-jobs-net]: https://djangojobs.net/jobs/
[findwork-dev]: https://findwork.dev/django-rest-framework-jobs
[indeed-com]: https://www.indeed.com/q-Django-jobs.html
-[stackoverflow-com]: https://stackoverflow.com/jobs/developer-jobs-using-django
+[stackoverflow-com]: https://stackoverflow.com/jobs/companies?tl=django
[upwork-com]: https://www.upwork.com/o/jobs/browse/skill/django-framework/
[technobjobs-co-uk]: https://www.technojobs.co.uk/django-jobs
[remoteok-io]: https://remoteok.io/remote-django-jobs
diff --git a/docs/community/third-party-packages.md b/docs/community/third-party-packages.md
index e25421f50..9513b13d1 100644
--- a/docs/community/third-party-packages.md
+++ b/docs/community/third-party-packages.md
@@ -148,6 +148,8 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque
* [django-elasticsearch-dsl-drf][django-elasticsearch-dsl-drf] - Integrate Elasticsearch DSL with Django REST framework. Package provides views, serializers, filter backends, pagination and other handy add-ons.
* [django-api-client][django-api-client] - DRF client that groups the Endpoint response, for use in CBVs and FBV as if you were working with Django's Native Models..
* [fast-drf] - A model based library for making API development faster and easier.
+* [django-requestlogs] - Providing middleware and other helpers for audit logging for REST framework.
+* [drf-standardized-errors][drf-standardized-errors] - DRF exception handler to standardize error responses for all API endpoints.
[cite]: http://www.software-ecosystems.com/Software_Ecosystems/Ecosystems.html
[cookiecutter]: https://github.com/jpadilla/cookiecutter-django-rest-framework
@@ -237,3 +239,5 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque
[graphwrap]: https://github.com/PaulGilmartin/graph_wrap
[rest-framework-actions]: https://github.com/AlexisMunera98/rest-framework-actions
[fast-drf]: https://github.com/iashraful/fast-drf
+[django-requestlogs]: https://github.com/Raekkeri/django-requestlogs
+[drf-standardized-errors]: https://github.com/ghazi-git/drf-standardized-errors
diff --git a/docs/img/premium/bitio-readme.png b/docs/img/premium/bitio-readme.png
index c47118cc6..d5d6259e6 100644
Binary files a/docs/img/premium/bitio-readme.png and b/docs/img/premium/bitio-readme.png differ
diff --git a/docs/img/premium/cryptapi-readme.png b/docs/img/premium/cryptapi-readme.png
index 163f6a9ea..10839b13b 100644
Binary files a/docs/img/premium/cryptapi-readme.png and b/docs/img/premium/cryptapi-readme.png differ
diff --git a/docs/img/premium/fezto-readme.png b/docs/img/premium/fezto-readme.png
new file mode 100644
index 000000000..7cc3be6e6
Binary files /dev/null and b/docs/img/premium/fezto-readme.png differ
diff --git a/docs/img/premium/posthog-readme.png b/docs/img/premium/posthog-readme.png
index 9ca8b0ecf..0fc09f0b8 100644
Binary files a/docs/img/premium/posthog-readme.png and b/docs/img/premium/posthog-readme.png differ
diff --git a/docs/img/premium/retool-readme.png b/docs/img/premium/retool-readme.png
index 56adba04d..971563427 100644
Binary files a/docs/img/premium/retool-readme.png and b/docs/img/premium/retool-readme.png differ
diff --git a/docs/img/premium/sentry-readme.png b/docs/img/premium/sentry-readme.png
index 420e8ee87..3c8858aca 100644
Binary files a/docs/img/premium/sentry-readme.png and b/docs/img/premium/sentry-readme.png differ
diff --git a/docs/img/premium/spacinov-readme.png b/docs/img/premium/spacinov-readme.png
new file mode 100644
index 000000000..20e925211
Binary files /dev/null and b/docs/img/premium/spacinov-readme.png differ
diff --git a/docs/img/premium/stream-readme.png b/docs/img/premium/stream-readme.png
index 15da6ba71..a6a7317b7 100644
Binary files a/docs/img/premium/stream-readme.png and b/docs/img/premium/stream-readme.png differ
diff --git a/docs/index.md b/docs/index.md
index e58f24df8..2f44fae9a 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -68,16 +68,16 @@ continued development by **[signing up for a paid plan][funding]**.
-*Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage), [ESG](https://software.esg-usa.com/), [Rollbar](https://rollbar.com/?utm_source=django&utm_medium=sponsorship&utm_campaign=freetrial), [Cadre](https://cadre.com), [Kloudless](https://hubs.ly/H0f30Lf0), [Lights On Software](https://lightsonsoftware.com), [Retool](https://retool.com/?utm_source=djangorest&utm_medium=sponsorship), [bit.io](https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [PostHog](https://posthog.com?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), and [CryptAPI](https://cryptapi.io).*
+*Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage), [Spacinov](https://www.spacinov.com/), [Retool](https://retool.com/?utm_source=djangorest&utm_medium=sponsorship), [bit.io](https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [PostHog](https://posthog.com?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [CryptAPI](https://cryptapi.io), and [FEZTO](https://www.fezto.xyz/?utm_source=DjangoRESTFramework).*
---
@@ -86,7 +86,7 @@ continued development by **[signing up for a paid plan][funding]**.
REST framework requires the following:
* Python (3.6, 3.7, 3.8, 3.9, 3.10)
-* Django (2.2, 3.0, 3.1, 3.2, 4.0)
+* Django (2.2, 3.0, 3.1, 3.2, 4.0, 4.1)
We **highly recommend** and only officially support the latest patch release of
each Python and Django series.
diff --git a/docs/tutorial/6-viewsets-and-routers.md b/docs/tutorial/6-viewsets-and-routers.md
index 18066f056..e12becbd0 100644
--- a/docs/tutorial/6-viewsets-and-routers.md
+++ b/docs/tutorial/6-viewsets-and-routers.md
@@ -112,8 +112,8 @@ Here's our re-wired `snippets/urls.py` file.
# Create a router and register our viewsets with it.
router = DefaultRouter()
- router.register(r'snippets', views.SnippetViewSet,basename="snippets")
- router.register(r'users', views.UserViewSet,basename="users")
+ router.register(r'snippets', views.SnippetViewSet,basename="snippet")
+ router.register(r'users', views.UserViewSet,basename="user")
# The API URLs are now determined automatically by the router.
urlpatterns = [
diff --git a/requirements/requirements-documentation.txt b/requirements/requirements-documentation.txt
index ad4928730..cf2dc26e8 100644
--- a/requirements/requirements-documentation.txt
+++ b/requirements/requirements-documentation.txt
@@ -1,2 +1,3 @@
# MkDocs to build our documentation.
mkdocs>=1.1.2,<1.2
+jinja2>=2.10,<3.1.0 # contextfilter has been renamed
diff --git a/requirements/requirements-optionals.txt b/requirements/requirements-optionals.txt
index 0ec19f23c..5b394e8e0 100644
--- a/requirements/requirements-optionals.txt
+++ b/requirements/requirements-optionals.txt
@@ -4,8 +4,7 @@ coreschema==0.0.4
django-filter>=2.4.0,<3.0
django-guardian>=2.4.0,<2.5
inflection==0.5.1
-markdown==3.3;python_version>="3.6"
-markdown==3.2.2;python_version=="3.5"
+markdown==3.3
psycopg2-binary>=2.8.5,<2.9
-pygments>=2.7.1,<2.8
+pygments==2.12
pyyaml>=5.3.1,<5.4
diff --git a/rest_framework/compat.py b/rest_framework/compat.py
index 4bae7729f..ac5cbc572 100644
--- a/rest_framework/compat.py
+++ b/rest_framework/compat.py
@@ -2,6 +2,7 @@
The `compat` module provides support for backwards compatibility with older
versions of Django/Python, and compatibility wrappers around optional packages.
"""
+import django
from django.conf import settings
from django.views.generic import View
@@ -152,6 +153,30 @@ else:
return False
+if django.VERSION >= (4, 2):
+ # Django 4.2+: use the stock parse_header_parameters function
+ # Note: Django 4.1 also has an implementation of parse_header_parameters
+ # which is slightly different from the one in 4.2, it needs
+ # the compatibility shim as well.
+ from django.utils.http import parse_header_parameters
+else:
+ # Django <= 4.1: create a compatibility shim for parse_header_parameters
+ from django.http.multipartparser import parse_header
+
+ def parse_header_parameters(line):
+ # parse_header works with bytes, but parse_header_parameters
+ # works with strings. Call encode to convert the line to bytes.
+ main_value_pair, params = parse_header(line.encode())
+ return main_value_pair, {
+ # parse_header will convert *some* values to string.
+ # parse_header_parameters converts *all* values to string.
+ # Make sure all values are converted by calling decode on
+ # any remaining non-string values.
+ k: v if isinstance(v, str) else v.decode()
+ for k, v in params.items()
+ }
+
+
# `separators` argument to `json.dumps()` differs between 2.x and 3.x
# See: https://bugs.python.org/issue22767
SHORT_SEPARATORS = (',', ':')
diff --git a/rest_framework/fields.py b/rest_framework/fields.py
index d7e7816ce..45c8bbefd 100644
--- a/rest_framework/fields.py
+++ b/rest_framework/fields.py
@@ -27,7 +27,6 @@ from django.utils.duration import duration_string
from django.utils.encoding import is_protected_type, smart_str
from django.utils.formats import localize_input, sanitize_separators
from django.utils.ipv6 import clean_ipv6_address
-from django.utils.timezone import utc
from django.utils.translation import gettext_lazy as _
from pytz.exceptions import InvalidTimeError
@@ -63,6 +62,9 @@ def is_simple_callable(obj):
"""
True if the object is a callable that takes no arguments.
"""
+ if not callable(obj):
+ return False
+
# Bail early since we cannot inspect built-in function signatures.
if inspect.isbuiltin(obj):
raise BuiltinSignatureError(
@@ -1177,7 +1179,7 @@ class DateTimeField(Field):
When `self.default_timezone` is `None`, always return naive datetimes.
When `self.default_timezone` is not `None`, always return aware datetimes.
"""
- field_timezone = getattr(self, 'timezone', self.default_timezone())
+ field_timezone = self.timezone if hasattr(self, 'timezone') else self.default_timezone()
if field_timezone is not None:
if timezone.is_aware(value):
@@ -1190,7 +1192,7 @@ class DateTimeField(Field):
except InvalidTimeError:
self.fail('make_aware', timezone=field_timezone)
elif (field_timezone is None) and timezone.is_aware(value):
- return timezone.make_naive(value, utc)
+ return timezone.make_naive(value, datetime.timezone.utc)
return value
def default_timezone(self):
diff --git a/rest_framework/negotiation.py b/rest_framework/negotiation.py
index 76113a827..b4bbfa1f5 100644
--- a/rest_framework/negotiation.py
+++ b/rest_framework/negotiation.py
@@ -4,7 +4,7 @@ incoming request. Typically this will be based on the request's Accept header.
"""
from django.http import Http404
-from rest_framework import HTTP_HEADER_ENCODING, exceptions
+from rest_framework import exceptions
from rest_framework.settings import api_settings
from rest_framework.utils.mediatypes import (
_MediaType, media_type_matches, order_by_precedence
@@ -64,9 +64,11 @@ class DefaultContentNegotiation(BaseContentNegotiation):
# Accepted media type is 'application/json'
full_media_type = ';'.join(
(renderer.media_type,) +
- tuple('{}={}'.format(
- key, value.decode(HTTP_HEADER_ENCODING))
- for key, value in media_type_wrapper.params.items()))
+ tuple(
+ '{}={}'.format(key, value)
+ for key, value in media_type_wrapper.params.items()
+ )
+ )
return renderer, full_media_type
else:
# Eg client requests 'application/json; indent=8'
diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py
index fc4eb1428..4ee8e578b 100644
--- a/rest_framework/parsers.py
+++ b/rest_framework/parsers.py
@@ -5,7 +5,6 @@ They give us a generic way of being able to handle various media types
on the request, such as form content or json encoded data.
"""
import codecs
-from urllib import parse
from django.conf import settings
from django.core.files.uploadhandler import StopFutureHandlers
@@ -13,10 +12,10 @@ from django.http import QueryDict
from django.http.multipartparser import ChunkIter
from django.http.multipartparser import \
MultiPartParser as DjangoMultiPartParser
-from django.http.multipartparser import MultiPartParserError, parse_header
-from django.utils.encoding import force_str
+from django.http.multipartparser import MultiPartParserError
from rest_framework import renderers
+from rest_framework.compat import parse_header_parameters
from rest_framework.exceptions import ParseError
from rest_framework.settings import api_settings
from rest_framework.utils import json
@@ -201,23 +200,10 @@ class FileUploadParser(BaseParser):
try:
meta = parser_context['request'].META
- disposition = parse_header(meta['HTTP_CONTENT_DISPOSITION'].encode())
- filename_parm = disposition[1]
- if 'filename*' in filename_parm:
- return self.get_encoded_filename(filename_parm)
- return force_str(filename_parm['filename'])
+ disposition, params = parse_header_parameters(meta['HTTP_CONTENT_DISPOSITION'])
+ if 'filename*' in params:
+ return params['filename*']
+ else:
+ return params['filename']
except (AttributeError, KeyError, ValueError):
pass
-
- def get_encoded_filename(self, filename_parm):
- """
- Handle encoded filenames per RFC6266. See also:
- https://tools.ietf.org/html/rfc2231#section-4
- """
- encoded_filename = force_str(filename_parm['filename*'])
- try:
- charset, lang, filename = encoded_filename.split('\'', 2)
- filename = parse.unquote(filename)
- except (ValueError, LookupError):
- filename = force_str(filename_parm['filename'])
- return filename
diff --git a/rest_framework/relations.py b/rest_framework/relations.py
index c98700784..bdedd43b8 100644
--- a/rest_framework/relations.py
+++ b/rest_framework/relations.py
@@ -10,7 +10,7 @@ from django.utils.encoding import smart_str, uri_to_iri
from django.utils.translation import gettext_lazy as _
from rest_framework.fields import (
- Field, empty, get_attribute, is_simple_callable, iter_options
+ Field, SkipField, empty, get_attribute, is_simple_callable, iter_options
)
from rest_framework.reverse import reverse
from rest_framework.settings import api_settings
@@ -535,7 +535,30 @@ class ManyRelatedField(Field):
if hasattr(instance, 'pk') and instance.pk is None:
return []
- relationship = get_attribute(instance, self.source_attrs)
+ try:
+ relationship = get_attribute(instance, self.source_attrs)
+ except (KeyError, AttributeError) as exc:
+ if self.default is not empty:
+ return self.get_default()
+ if self.allow_null:
+ return None
+ if not self.required:
+ raise SkipField()
+ msg = (
+ 'Got {exc_type} when attempting to get a value for field '
+ '`{field}` on serializer `{serializer}`.\nThe serializer '
+ 'field might be named incorrectly and not match '
+ 'any attribute or key on the `{instance}` instance.\n'
+ 'Original exception text was: {exc}.'.format(
+ exc_type=type(exc).__name__,
+ field=self.field_name,
+ serializer=self.parent.__class__.__name__,
+ instance=instance.__class__.__name__,
+ exc=exc
+ )
+ )
+ raise type(exc)(msg)
+
return relationship.all() if hasattr(relationship, 'all') else relationship
def to_representation(self, iterable):
diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
index 8824fa660..b74df9a0b 100644
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@@ -14,7 +14,6 @@ from django import forms
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured
from django.core.paginator import Page
-from django.http.multipartparser import parse_header
from django.template import engines, loader
from django.urls import NoReverseMatch
from django.utils.html import mark_safe
@@ -22,7 +21,7 @@ from django.utils.html import mark_safe
from rest_framework import VERSION, exceptions, serializers, status
from rest_framework.compat import (
INDENT_SEPARATORS, LONG_SEPARATORS, SHORT_SEPARATORS, coreapi, coreschema,
- pygments_css, yaml
+ parse_header_parameters, pygments_css, yaml
)
from rest_framework.exceptions import ParseError
from rest_framework.request import is_form_media_type, override_method
@@ -72,7 +71,7 @@ class JSONRenderer(BaseRenderer):
# If the media type looks like 'application/json; indent=4',
# then pretty print the result.
# Note that we coerce `indent=0` into `indent=None`.
- base_media_type, params = parse_header(accepted_media_type.encode('ascii'))
+ base_media_type, params = parse_header_parameters(accepted_media_type)
try:
return zero_as_none(max(min(int(params['indent']), 8), 0))
except (KeyError, ValueError, TypeError):
diff --git a/rest_framework/request.py b/rest_framework/request.py
index 17ceadb08..93634e667 100644
--- a/rest_framework/request.py
+++ b/rest_framework/request.py
@@ -14,11 +14,11 @@ from contextlib import contextmanager
from django.conf import settings
from django.http import HttpRequest, QueryDict
-from django.http.multipartparser import parse_header
from django.http.request import RawPostDataException
from django.utils.datastructures import MultiValueDict
-from rest_framework import HTTP_HEADER_ENCODING, exceptions
+from rest_framework import exceptions
+from rest_framework.compat import parse_header_parameters
from rest_framework.settings import api_settings
@@ -26,7 +26,7 @@ def is_form_media_type(media_type):
"""
Return True if the media type is a valid form media type.
"""
- base_media_type, params = parse_header(media_type.encode(HTTP_HEADER_ENCODING))
+ base_media_type, params = parse_header_parameters(media_type)
return (base_media_type == 'application/x-www-form-urlencoded' or
base_media_type == 'multipart/form-data')
diff --git a/rest_framework/schemas/openapi.py b/rest_framework/schemas/openapi.py
index cc903672d..20e500d70 100644
--- a/rest_framework/schemas/openapi.py
+++ b/rest_framework/schemas/openapi.py
@@ -637,7 +637,7 @@ class AutoSchema(ViewInspector):
"""
return self.get_serializer(path, method)
- def _get_reference(self, serializer):
+ def get_reference(self, serializer):
return {'$ref': '#/components/schemas/{}'.format(self.get_component_name(serializer))}
def get_request_body(self, path, method):
@@ -651,7 +651,7 @@ class AutoSchema(ViewInspector):
if not isinstance(serializer, serializers.Serializer):
item_schema = {}
else:
- item_schema = self._get_reference(serializer)
+ item_schema = self.get_reference(serializer)
return {
'content': {
@@ -675,7 +675,7 @@ class AutoSchema(ViewInspector):
if not isinstance(serializer, serializers.Serializer):
item_schema = {}
else:
- item_schema = self._get_reference(serializer)
+ item_schema = self.get_reference(serializer)
if is_list_view(path, method, self.view):
response_schema = {
@@ -809,3 +809,11 @@ class AutoSchema(ViewInspector):
RemovedInDRF314Warning, stacklevel=2
)
return self.allows_filters(path, method)
+
+ def _get_reference(self, serializer):
+ warnings.warn(
+ "Method `_get_reference()` has been renamed to `get_reference()`. "
+ "The old name will be removed in DRF v3.14.",
+ RemovedInDRF314Warning, stacklevel=2
+ )
+ return self.get_reference(serializer)
diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py
index db0e9c95c..ccd9430b4 100644
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@@ -218,7 +218,7 @@ def format_value(value):
return template.render(context)
elif isinstance(value, str):
if (
- (value.startswith('http:') or value.startswith('https:')) and not
+ (value.startswith('http:') or value.startswith('https:') or value.startswith('/')) and not
re.search(r'\s', value)
):
return mark_safe('{value}'.format(value=escape(value)))
diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
index e262b886b..c0d6cf42f 100644
--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@@ -171,7 +171,7 @@ class AnonRateThrottle(SimpleRateThrottle):
scope = 'anon'
def get_cache_key(self, request, view):
- if request.user.is_authenticated:
+ if request.user and request.user.is_authenticated:
return None # Only throttle unauthenticated requests.
return self.cache_format % {
@@ -191,7 +191,7 @@ class UserRateThrottle(SimpleRateThrottle):
scope = 'user'
def get_cache_key(self, request, view):
- if request.user.is_authenticated:
+ if request.user and request.user.is_authenticated:
ident = request.user.pk
else:
ident = self.get_ident(request)
@@ -237,9 +237,9 @@ class ScopedRateThrottle(SimpleRateThrottle):
If `view.throttle_scope` is not set, don't apply this throttle.
Otherwise generate the unique cache key by concatenating the user id
- with the '.throttle_scope` property of the view.
+ with the `.throttle_scope` property of the view.
"""
- if request.user.is_authenticated:
+ if request.user and request.user.is_authenticated:
ident = request.user.pk
else:
ident = self.get_ident(request)
diff --git a/rest_framework/utils/field_mapping.py b/rest_framework/utils/field_mapping.py
index 4f8a4f192..7e8e8f046 100644
--- a/rest_framework/utils/field_mapping.py
+++ b/rest_framework/utils/field_mapping.py
@@ -95,6 +95,9 @@ def get_field_kwargs(field_name, model_field):
(hasattr(models, 'JSONField') and isinstance(model_field, models.JSONField)):
kwargs['style'] = {'base_template': 'textarea.html'}
+ if model_field.null:
+ kwargs['allow_null'] = True
+
if isinstance(model_field, models.AutoField) or not model_field.editable:
# If this field is read-only, then return early.
# Further keyword arguments are not valid.
@@ -104,9 +107,6 @@ def get_field_kwargs(field_name, model_field):
if model_field.has_default() or model_field.blank or model_field.null:
kwargs['required'] = False
- if model_field.null:
- kwargs['allow_null'] = True
-
if model_field.blank and (isinstance(model_field, (models.CharField, models.TextField))):
kwargs['allow_blank'] = True
@@ -217,15 +217,9 @@ def get_field_kwargs(field_name, model_field):
]
if getattr(model_field, 'unique', False):
- unique_error_message = model_field.error_messages.get('unique', None)
- if unique_error_message:
- unique_error_message = unique_error_message % {
- 'model_name': model_field.model._meta.verbose_name,
- 'field_label': model_field.verbose_name
- }
validator = UniqueValidator(
queryset=model_field.model._default_manager,
- message=unique_error_message)
+ message=get_unique_error_message(model_field))
validator_kwarg.append(validator)
if validator_kwarg:
@@ -269,6 +263,8 @@ def get_relation_kwargs(field_name, relation_info):
if not model_field.editable:
kwargs['read_only'] = True
kwargs.pop('queryset', None)
+ if model_field.null:
+ kwargs['allow_null'] = True
if kwargs.get('read_only', False):
# If this field is read-only, then return early.
# No further keyword arguments are valid.
@@ -276,12 +272,12 @@ def get_relation_kwargs(field_name, relation_info):
if model_field.has_default() or model_field.blank or model_field.null:
kwargs['required'] = False
- if model_field.null:
- kwargs['allow_null'] = True
if model_field.validators:
kwargs['validators'] = model_field.validators
if getattr(model_field, 'unique', False):
- validator = UniqueValidator(queryset=model_field.model._default_manager)
+ validator = UniqueValidator(
+ queryset=model_field.model._default_manager,
+ message=get_unique_error_message(model_field))
kwargs['validators'] = kwargs.get('validators', []) + [validator]
if to_many and not model_field.blank:
kwargs['allow_empty'] = False
@@ -300,3 +296,13 @@ def get_url_kwargs(model_field):
return {
'view_name': get_detail_view_name(model_field)
}
+
+
+def get_unique_error_message(model_field):
+ unique_error_message = model_field.error_messages.get('unique', None)
+ if unique_error_message:
+ unique_error_message = unique_error_message % {
+ 'model_name': model_field.model._meta.verbose_name,
+ 'field_label': model_field.verbose_name
+ }
+ return unique_error_message
diff --git a/rest_framework/utils/mediatypes.py b/rest_framework/utils/mediatypes.py
index 40bdf2615..b9004d496 100644
--- a/rest_framework/utils/mediatypes.py
+++ b/rest_framework/utils/mediatypes.py
@@ -3,9 +3,7 @@ Handling of media types, as found in HTTP Content-Type and Accept headers.
See https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
"""
-from django.http.multipartparser import parse_header
-
-from rest_framework import HTTP_HEADER_ENCODING
+from rest_framework.compat import parse_header_parameters
def media_type_matches(lhs, rhs):
@@ -46,7 +44,7 @@ def order_by_precedence(media_type_lst):
class _MediaType:
def __init__(self, media_type_str):
self.orig = '' if (media_type_str is None) else media_type_str
- self.full_type, self.params = parse_header(self.orig.encode(HTTP_HEADER_ENCODING))
+ self.full_type, self.params = parse_header_parameters(self.orig)
self.main_type, sep, self.sub_type = self.full_type.partition('/')
def match(self, other):
@@ -79,5 +77,5 @@ class _MediaType:
def __str__(self):
ret = "%s/%s" % (self.main_type, self.sub_type)
for key, val in self.params.items():
- ret += "; %s=%s" % (key, val.decode('ascii'))
+ ret += "; %s=%s" % (key, val)
return ret
diff --git a/setup.py b/setup.py
index 3c3761c86..cb6708c6e 100755
--- a/setup.py
+++ b/setup.py
@@ -94,6 +94,7 @@ setup(
'Framework :: Django :: 3.1',
'Framework :: Django :: 3.2',
'Framework :: Django :: 4.0',
+ 'Framework :: Django :: 4.1',
'Intended Audience :: Developers',
'License :: OSI Approved :: BSD License',
'Operating System :: OS Independent',
diff --git a/tests/browsable_api/no_auth_urls.py b/tests/browsable_api/no_auth_urls.py
index 65701c065..33491ad92 100644
--- a/tests/browsable_api/no_auth_urls.py
+++ b/tests/browsable_api/no_auth_urls.py
@@ -1,7 +1,8 @@
from django.urls import path
-from .views import MockView
+from .views import BasicModelWithUsersViewSet, MockView
urlpatterns = [
path('', MockView.as_view()),
+ path('basicviewset', BasicModelWithUsersViewSet.as_view({'get': 'list'})),
]
diff --git a/tests/browsable_api/serializers.py b/tests/browsable_api/serializers.py
new file mode 100644
index 000000000..e8a1cdef8
--- /dev/null
+++ b/tests/browsable_api/serializers.py
@@ -0,0 +1,8 @@
+from rest_framework.serializers import ModelSerializer
+from tests.models import BasicModelWithUsers
+
+
+class BasicSerializer(ModelSerializer):
+ class Meta:
+ model = BasicModelWithUsers
+ fields = '__all__'
diff --git a/tests/browsable_api/test_browsable_api.py b/tests/browsable_api/test_browsable_api.py
index 17644c2ac..a76d11fe3 100644
--- a/tests/browsable_api/test_browsable_api.py
+++ b/tests/browsable_api/test_browsable_api.py
@@ -1,8 +1,35 @@
from django.contrib.auth.models import User
from django.test import TestCase, override_settings
+from rest_framework.permissions import IsAuthenticated
from rest_framework.test import APIClient
+from .views import BasicModelWithUsersViewSet, OrganizationPermissions
+
+
+@override_settings(ROOT_URLCONF='tests.browsable_api.no_auth_urls')
+class AnonymousUserTests(TestCase):
+ """Tests correct handling of anonymous user request on endpoints with IsAuthenticated permission class."""
+
+ def setUp(self):
+ self.client = APIClient(enforce_csrf_checks=True)
+
+ def tearDown(self):
+ self.client.logout()
+
+ def test_get_raises_typeerror_when_anonymous_user_in_queryset_filter(self):
+ with self.assertRaises(TypeError):
+ self.client.get('/basicviewset')
+
+ def test_get_returns_http_forbidden_when_anonymous_user(self):
+ old_permissions = BasicModelWithUsersViewSet.permission_classes
+ BasicModelWithUsersViewSet.permission_classes = [IsAuthenticated, OrganizationPermissions]
+
+ response = self.client.get('/basicviewset')
+
+ BasicModelWithUsersViewSet.permission_classes = old_permissions
+ self.assertEqual(response.status_code, 403)
+
@override_settings(ROOT_URLCONF='tests.browsable_api.auth_urls')
class DropdownWithAuthTests(TestCase):
diff --git a/tests/browsable_api/views.py b/tests/browsable_api/views.py
index e1cf13a1e..e73967bf8 100644
--- a/tests/browsable_api/views.py
+++ b/tests/browsable_api/views.py
@@ -1,6 +1,16 @@
from rest_framework import authentication, renderers
+from rest_framework.permissions import BasePermission
from rest_framework.response import Response
from rest_framework.views import APIView
+from rest_framework.viewsets import ModelViewSet
+
+from ..models import BasicModelWithUsers
+from .serializers import BasicSerializer
+
+
+class OrganizationPermissions(BasePermission):
+ def has_object_permission(self, request, view, obj):
+ return request.user.is_staff or (request.user == obj.owner.organization_user.user)
class MockView(APIView):
@@ -9,3 +19,15 @@ class MockView(APIView):
def get(self, request):
return Response({'a': 1, 'b': 2, 'c': 3})
+
+
+class BasicModelWithUsersViewSet(ModelViewSet):
+ queryset = BasicModelWithUsers.objects.all()
+ serializer_class = BasicSerializer
+ permission_classes = [OrganizationPermissions]
+ # permission_classes = [IsAuthenticated, OrganizationPermissions]
+ renderer_classes = (renderers.BrowsableAPIRenderer, renderers.JSONRenderer)
+
+ def get_queryset(self):
+ qs = super().get_queryset().filter(users=self.request.user)
+ return qs
diff --git a/tests/models.py b/tests/models.py
index afe649760..666e9f003 100644
--- a/tests/models.py
+++ b/tests/models.py
@@ -1,5 +1,6 @@
import uuid
+from django.contrib.auth.models import User
from django.db import models
from django.utils.translation import gettext_lazy as _
@@ -33,6 +34,10 @@ class ManyToManySource(RESTFrameworkModel):
targets = models.ManyToManyField(ManyToManyTarget, related_name='sources')
+class BasicModelWithUsers(RESTFrameworkModel):
+ users = models.ManyToManyField(User)
+
+
# ForeignKey
class ForeignKeyTarget(RESTFrameworkModel):
name = models.CharField(max_length=100)
diff --git a/tests/test_description.py b/tests/test_description.py
index 363ad6513..ecc6b9776 100644
--- a/tests/test_description.py
+++ b/tests/test_description.py
@@ -1,5 +1,3 @@
-import sys
-
import pytest
from django.test import TestCase
@@ -33,7 +31,7 @@ indented
# If markdown is installed we also test it's working
# (and that our wrapped forces '=' to h2 and '-' to h3)
-MARKDOWN_BASE = """an example docstring
+MARKDOWN_DOCSTRING = """an example docstring
- list
- list
@@ -42,25 +40,8 @@ MARKDOWN_BASE = """an example docstring
code block
indented
-%s"""
-
-MARKDOWN_gte_33 = """
-[{
\
- "alpha":\
- 1,
\
- "beta":\
- "this is a string"
\
-}]
"""
-
-MARKDOWN_lt_33 = """
-[{
\
- "alpha":\
- 1,
\
- "beta":\
- "this is a string"
\
-}]
[{
"alpha": 1,
"beta": "this is a string"
}]
"""
@@ -163,11 +144,7 @@ class TestViewNamesAndDescriptions(TestCase):
"""
Ensure markdown to HTML works as expected.
"""
- # Markdown 3.3 is only supported on Python 3.6 and higher
- if sys.version_info >= (3, 6):
- assert apply_markdown(DESCRIPTION) == MARKDOWN_BASE % MARKDOWN_gte_33
- else:
- assert apply_markdown(DESCRIPTION) == MARKDOWN_BASE % MARKDOWN_lt_33
+ assert apply_markdown(DESCRIPTION) == MARKDOWN_DOCSTRING
def test_dedent_tabs():
diff --git a/tests/test_encoders.py b/tests/test_encoders.py
index c104dd5a5..953e5564b 100644
--- a/tests/test_encoders.py
+++ b/tests/test_encoders.py
@@ -1,15 +1,16 @@
-from datetime import date, datetime, timedelta
+from datetime import date, datetime, timedelta, timezone
from decimal import Decimal
from uuid import uuid4
import pytest
from django.test import TestCase
-from django.utils.timezone import utc
from rest_framework.compat import coreapi
from rest_framework.utils.encoders import JSONEncoder
from rest_framework.utils.serializer_helpers import ReturnList
+utc = timezone.utc
+
class MockList:
def tolist(self):
diff --git a/tests/test_fields.py b/tests/test_fields.py
index 7a5304a82..cbec79119 100644
--- a/tests/test_fields.py
+++ b/tests/test_fields.py
@@ -9,7 +9,7 @@ import pytz
from django.core.exceptions import ValidationError as DjangoValidationError
from django.http import QueryDict
from django.test import TestCase, override_settings
-from django.utils.timezone import activate, deactivate, override, utc
+from django.utils.timezone import activate, deactivate, override
import rest_framework
from rest_framework import exceptions, serializers
@@ -17,6 +17,8 @@ from rest_framework.fields import (
BuiltinSignatureError, DjangoImageField, is_simple_callable
)
+utc = datetime.timezone.utc
+
# Tests for helper functions.
# ---------------------------
@@ -73,6 +75,10 @@ class TestIsSimpleCallable:
assert is_simple_callable(valid_vargs_kwargs)
assert not is_simple_callable(invalid)
+ @pytest.mark.parametrize('obj', (True, None, "str", b'bytes', 123, 1.23))
+ def test_not_callable(self, obj):
+ assert not is_simple_callable(obj)
+
def test_4602_regression(self):
from django.db import models
@@ -1859,9 +1865,9 @@ class TestMultipleChoiceField(FieldValues):
def test_against_partial_and_full_updates(self):
field = serializers.MultipleChoiceField(choices=(('a', 'a'), ('b', 'b')))
field.partial = False
- assert field.get_value(QueryDict({})) == []
+ assert field.get_value(QueryDict('')) == []
field.partial = True
- assert field.get_value(QueryDict({})) == rest_framework.fields.empty
+ assert field.get_value(QueryDict('')) == rest_framework.fields.empty
class TestEmptyMultipleChoiceField(FieldValues):
diff --git a/tests/test_model_serializer.py b/tests/test_model_serializer.py
index 7da1b41ae..419eae632 100644
--- a/tests/test_model_serializer.py
+++ b/tests/test_model_serializer.py
@@ -12,6 +12,7 @@ import sys
import tempfile
from collections import OrderedDict
+import django
import pytest
from django.core.exceptions import ImproperlyConfigured
from django.core.serializers.json import DjangoJSONEncoder
@@ -452,11 +453,14 @@ class TestPosgresFieldsMapping(TestCase):
model = ArrayFieldModel
fields = ['array_field', 'array_field_with_blank']
+ validators = ""
+ if django.VERSION < (4, 1):
+ validators = ", validators=[]"
expected = dedent("""
TestSerializer():
- array_field = ListField(allow_empty=False, child=CharField(label='Array field', validators=[]))
- array_field_with_blank = ListField(child=CharField(label='Array field with blank', validators=[]), required=False)
- """)
+ array_field = ListField(allow_empty=False, child=CharField(label='Array field'%s))
+ array_field_with_blank = ListField(child=CharField(label='Array field with blank'%s), required=False)
+ """ % (validators, validators))
self.assertEqual(repr(TestSerializer()), expected)
@pytest.mark.skipif(hasattr(models, 'JSONField'), reason='has models.JSONField')
@@ -1021,6 +1025,73 @@ class Issue2704TestCase(TestCase):
assert serializer.data == expected
+class Issue7550FooModel(models.Model):
+ text = models.CharField(max_length=100)
+ bar = models.ForeignKey(
+ 'Issue7550BarModel', null=True, blank=True, on_delete=models.SET_NULL,
+ related_name='foos', related_query_name='foo')
+
+
+class Issue7550BarModel(models.Model):
+ pass
+
+
+class Issue7550TestCase(TestCase):
+
+ def test_dotted_source(self):
+
+ class _FooSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = Issue7550FooModel
+ fields = ('id', 'text')
+
+ class FooSerializer(serializers.ModelSerializer):
+ other_foos = _FooSerializer(source='bar.foos', many=True)
+
+ class Meta:
+ model = Issue7550BarModel
+ fields = ('id', 'other_foos')
+
+ bar = Issue7550BarModel.objects.create()
+ foo_a = Issue7550FooModel.objects.create(bar=bar, text='abc')
+ foo_b = Issue7550FooModel.objects.create(bar=bar, text='123')
+
+ assert FooSerializer(foo_a).data == {
+ 'id': foo_a.id,
+ 'other_foos': [
+ {
+ 'id': foo_a.id,
+ 'text': foo_a.text,
+ },
+ {
+ 'id': foo_b.id,
+ 'text': foo_b.text,
+ },
+ ],
+ }
+
+ def test_dotted_source_with_default(self):
+
+ class _FooSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = Issue7550FooModel
+ fields = ('id', 'text')
+
+ class FooSerializer(serializers.ModelSerializer):
+ other_foos = _FooSerializer(source='bar.foos', default=[], many=True)
+
+ class Meta:
+ model = Issue7550FooModel
+ fields = ('id', 'other_foos')
+
+ foo = Issue7550FooModel.objects.create(bar=None, text='abc')
+
+ assert FooSerializer(foo).data == {
+ 'id': foo.id,
+ 'other_foos': [],
+ }
+
+
class DecimalFieldModel(models.Model):
decimal_field = models.DecimalField(
max_digits=3,
diff --git a/tests/test_validators.py b/tests/test_validators.py
index bccbe1514..39490ac86 100644
--- a/tests/test_validators.py
+++ b/tests/test_validators.py
@@ -42,6 +42,12 @@ class RelatedModelSerializer(serializers.ModelSerializer):
fields = ('username', 'email')
+class RelatedModelUserSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = RelatedModel
+ fields = ('user',)
+
+
class AnotherUniquenessModel(models.Model):
code = models.IntegerField(unique=True)
@@ -83,6 +89,13 @@ class TestUniquenessValidation(TestCase):
assert not serializer.is_valid()
assert serializer.errors == {'username': ['uniqueness model with this username already exists.']}
+ def test_relation_is_not_unique(self):
+ RelatedModel.objects.create(user=self.instance)
+ data = {'user': self.instance.pk}
+ serializer = RelatedModelUserSerializer(data=data)
+ assert not serializer.is_valid()
+ assert serializer.errors == {'user': ['related model with this user already exists.']}
+
def test_is_unique(self):
data = {'username': 'other'}
serializer = UniquenessSerializer(data=data)
diff --git a/tox.ini b/tox.ini
index a41176d72..c275a0abe 100644
--- a/tox.ini
+++ b/tox.ini
@@ -3,7 +3,7 @@ envlist =
{py36,py37,py38,py39}-django22,
{py36,py37,py38,py39}-django31,
{py36,py37,py38,py39,py310}-django32,
- {py38,py39,py310}-{django40,djangomain},
+ {py38,py39,py310}-{django40,django41,djangomain},
base,dist,docs,
[travis:env]
@@ -12,6 +12,7 @@ DJANGO =
3.1: django31
3.2: django32
4.0: django40
+ 4.1: django41
main: djangomain
[testenv]
@@ -24,7 +25,8 @@ deps =
django22: Django>=2.2,<3.0
django31: Django>=3.1,<3.2
django32: Django>=3.2,<4.0
- django40: Django>=4.0,<5.0
+ django40: Django>=4.0,<4.1
+ django41: Django>=4.1a1,<4.2
djangomain: https://github.com/django/django/archive/main.tar.gz
-rrequirements/requirements-testing.txt
-rrequirements/requirements-optionals.txt