Deployed 83ad265e with MkDocs version: 1.1

2025-05-20 20:46:08 +03:00 · 2021-03-25 12:24:20 +00:00 · 2021-03-25 12:24:20 +00:00 · ef6d5fc165
commit ef6d5fc165
parent b3f7747027
23 changed files with 234 additions and 107 deletions
--- a/api-guide/authentication/index.html
+++ b/api-guide/authentication/index.html
@ -503,6 +503,14 @@
                      <a href="#drfpasswordless">drfpasswordless</a>
                    </li>
                  
+                    <li>
+                      <a href="#django-rest-authemail">django-rest-authemail</a>
+                    </li>
+                  
+                    <li>
+                      <a href="#django-rest-durin">Django-Rest-Durin</a>
+                    </li>
+                  
                

                  <div class="promo">
@ -564,8 +572,8 @@ class ExampleView(APIView):

    def get(self, request, format=None):
        content = {
-            'user': unicode(request.user),  # `django.contrib.auth.User` instance.
-            'auth': unicode(request.auth),  # None
+            'user': str(request.user),  # `django.contrib.auth.User` instance.
+            'auth': str(request.auth),  # None
        }
        return Response(content)
 </code></pre>
@ -575,8 +583,8 @@ class ExampleView(APIView):
@permission_classes([IsAuthenticated])
 def example_view(request, format=None):
    content = {
-        'user': unicode(request.user),  # `django.contrib.auth.User` instance.
-        'auth': unicode(request.auth),  # None
+        'user': str(request.user),  # `django.contrib.auth.User` instance.
+        'auth': str(request.auth),  # None
    }
    return Response(content)
 </code></pre>
@ -784,7 +792,7 @@ class ExampleAuthentication(authentication.BaseAuthentication):
 <h1 id="third-party-packages"><a class="toclink" href="#third-party-packages">Third party packages</a></h1>
 <p>The following third party packages are also available.</p>
 <h2 id="django-oauth-toolkit"><a class="toclink" href="#django-oauth-toolkit">Django OAuth Toolkit</a></h2>
-<p>The <a href="https://github.com/evonove/django-oauth-toolkit">Django OAuth Toolkit</a> package provides OAuth 2.0 support and works with Python 3.4+. The package is maintained by <a href="https://github.com/evonove/">Evonove</a> and uses the excellent <a href="https://github.com/idan/oauthlib">OAuthLib</a>.  The package is well documented, and well supported and is currently our <strong>recommended package for OAuth 2.0 support</strong>.</p>
+<p>The <a href="https://github.com/evonove/django-oauth-toolkit">Django OAuth Toolkit</a> package provides OAuth 2.0 support and works with Python 3.4+. The package is maintained by <a href="https://github.com/jazzband/">jazzband</a> and uses the excellent <a href="https://github.com/idan/oauthlib">OAuthLib</a>.  The package is well documented, and well supported and is currently our <strong>recommended package for OAuth 2.0 support</strong>.</p>
 <h4 id="installation-configuration"><a class="toclink" href="#installation-configuration">Installation &amp; configuration</a></h4>
 <p>Install using <code>pip</code>.</p>
 <pre><code>pip install django-oauth-toolkit
@ -831,6 +839,11 @@ REST_FRAMEWORK = {
 <p><a href="https://github.com/James1345/django-rest-knox">Django-rest-knox</a> library provides models and views to handle token based authentication in a more secure and extensible way than the built-in TokenAuthentication scheme - with Single Page Applications and Mobile clients in mind. It provides per-client tokens, and views to generate them when provided some other authentication (usually basic authentication), to delete the token (providing a server enforced logout) and to delete all tokens (logs out all clients that a user is logged into).</p>
 <h2 id="drfpasswordless"><a class="toclink" href="#drfpasswordless">drfpasswordless</a></h2>
 <p><a href="https://github.com/aaronn/django-rest-framework-passwordless">drfpasswordless</a> adds (Medium, Square Cash inspired) passwordless support to Django REST Framework's own TokenAuthentication scheme. Users log in and sign up with a token sent to a contact point like an email address or a mobile number.</p>
+<h2 id="django-rest-authemail"><a class="toclink" href="#django-rest-authemail">django-rest-authemail</a></h2>
+<p><a href="https://github.com/celiao/django-rest-authemail">django-rest-authemail</a> provides a RESTful API interface for user signup and authentication. Email addresses are used for authentication, rather than usernames.  API endpoints are available for signup, signup email verification, login, logout, password reset, password reset verification, email change, email change verification, password change, and user detail.  A fully-functional example project and detailed instructions are included.</p>
+<h2 id="django-rest-durin"><a class="toclink" href="#django-rest-durin">Django-Rest-Durin</a></h2>
+<p><a href="https://github.com/eshaan7/django-rest-durin">Django-Rest-Durin</a> is built with the idea to have one library that does token auth for multiple Web/CLI/Mobile API clients via one interface but allows different token configuration for each API Client that consumes the API. It provides support for multiple tokens per user via custom models, views, permissions that work with Django-Rest-Framework. The token expiration time can be different per API client and is customizable via the Django Admin Interface.</p>
+<p>More information can be found in the <a href="https://django-rest-durin.readthedocs.io/en/latest/index.html">Documentation</a>.</p>
            

          </div> <!--/span-->
--- a/api-guide/caching/index.html
+++ b/api-guide/caching/index.html
@ -440,11 +440,11 @@ provided in Django.</p>
 <h2 id="using-cache-with-apiview-and-viewsets"><a class="toclink" href="#using-cache-with-apiview-and-viewsets">Using cache with apiview and viewsets</a></h2>
 <p>Django provides a <a href="https://docs.djangoproject.com/en/dev/topics/class-based-views/intro/#decorating-the-class"><code>method_decorator</code></a> to use
 decorators with class based views. This can be used with
-other cache decorators such as <a href="https://docs.djangoproject.com/en/dev/topics/cache/#the-per-view-cache"><code>cache_page</code></a> and
-<a href="https://docs.djangoproject.com/en/dev/topics/http/decorators/#django.views.decorators.vary.vary_on_cookie"><code>vary_on_cookie</code></a>.</p>
+other cache decorators such as <a href="https://docs.djangoproject.com/en/dev/topics/cache/#the-per-view-cache"><code>cache_page</code></a>,
+<a href="https://docs.djangoproject.com/en/dev/topics/http/decorators/#django.views.decorators.vary.vary_on_cookie"><code>vary_on_cookie</code></a> and <a href="https://docs.djangoproject.com/en/dev/topics/http/decorators/#django.views.decorators.vary.vary_on_headers"><code>vary_on_headers</code></a>.</p>
 <pre><code class="language-python">from django.utils.decorators import method_decorator
 from django.views.decorators.cache import cache_page
-from django.views.decorators.vary import vary_on_cookie
+from django.views.decorators.vary import vary_on_cookie, vary_on_headers

 from rest_framework.response import Response
 from rest_framework.views import APIView
@ -452,8 +452,7 @@ from rest_framework import viewsets


 class UserViewSet(viewsets.ViewSet):
-
-    # Cache requested url for each user for 2 hours
+    # With cookie: cache requested url for each user for 2 hours
    @method_decorator(cache_page(60*60*2))
    @method_decorator(vary_on_cookie)
    def list(self, request, format=None):
@ -463,8 +462,18 @@ class UserViewSet(viewsets.ViewSet):
        return Response(content)


-class PostView(APIView):
+class ProfileView(APIView):
+    # With auth: cache requested url for each user for 2 hours
+    @method_decorator(cache_page(60*60*2))
+    @method_decorator(vary_on_headers(&quot;Authorization&quot;,))
+    def get(self, request, format=None):
+        content = {
+            'user_feed': request.user.get_user_feed()
+        }
+        return Response(content)

+
+class PostView(APIView):
    # Cache page for the requested url
    @method_decorator(cache_page(60*60*2))
    def get(self, request, format=None):
--- a/api-guide/exceptions/index.html
+++ b/api-guide/exceptions/index.html
@ -529,7 +529,7 @@ Content-Length: 42
 {"detail": "Method 'DELETE' not allowed."}
 </code></pre>
 <p>Validation errors are handled slightly differently, and will include the field names as the keys in the response. If the validation error was not specific to a particular field then it will use the "non_field_errors" key, or whatever string value has been set for the <code>NON_FIELD_ERRORS_KEY</code> setting.</p>
-<p>Any example validation error might look like this:</p>
+<p>An example validation error might look like this:</p>
 <pre><code>HTTP/1.1 400 Bad Request
 Content-Type: application/json
 Content-Length: 94
@ -654,7 +654,7 @@ dictionary of items:</p>
 <p>The <code>ValidationError</code> exception is slightly different from the other <code>APIException</code> classes:</p>
 <ul>
 <li>The <code>detail</code> argument is mandatory, not optional.</li>
-<li>The <code>detail</code> argument may be a list or dictionary of error details, and may also be a nested data structure.</li>
+<li>The <code>detail</code> argument may be a list or dictionary of error details, and may also be a nested data structure. By using a dictionary, you can specify field-level errors while performing object-level validation in the <code>validate()</code> method of a serializer. For example. <code>raise serializers.ValidationError({'name': 'Please enter a valid name.'})</code></li>
 <li>By convention you should import the serializers module and use a fully qualified <code>ValidationError</code> style, in order to differentiate it from Django's built-in validation error. For example. <code>raise serializers.ValidationError('This field must be an integer value.')</code></li>
 </ul>
 <p>The <code>ValidationError</code> class should be used for serializer and field validation, and by validator classes. It is also raised when calling <code>serializer.is_valid</code> with the <code>raise_exception</code> keyword argument:</p>
--- a/api-guide/fields/index.html
+++ b/api-guide/fields/index.html
@ -1032,6 +1032,7 @@ class UserSerializer(serializers.ModelSerializer):

    class Meta:
        model = User
+        fields = '__all__'

    def get_days_since_joined(self, obj):
        return (now() - obj.date_joined).days
--- a/api-guide/filtering/index.html
+++ b/api-guide/filtering/index.html
@ -574,7 +574,7 @@ class PurchaseList(generics.ListAPIView):
        by filtering against a `username` query parameter in the URL.
        """
        queryset = Purchase.objects.all()
-        username = self.request.query_params.get('username', None)
+        username = self.request.query_params.get('username')
        if username is not None:
            queryset = queryset.filter(purchaser__username=username)
        return queryset
--- a/api-guide/parsers/index.html
+++ b/api-guide/parsers/index.html
@ -558,7 +558,7 @@ def example_view(request, format=None):
 <hr />
 <h1 id="api-reference"><a class="toclink" href="#api-reference">API Reference</a></h1>
 <h2 id="jsonparser"><a class="toclink" href="#jsonparser">JSONParser</a></h2>
-<p>Parses <code>JSON</code> request content.</p>
+<p>Parses <code>JSON</code> request content. <code>request.data</code> will be populated with a dictionary of data.</p>
 <p><strong>.media_type</strong>: <code>application/json</code></p>
 <h2 id="formparser"><a class="toclink" href="#formparser">FormParser</a></h2>
 <p>Parses HTML form content.  <code>request.data</code> will be populated with a <code>QueryDict</code> of data.</p>
--- a/api-guide/permissions/index.html
+++ b/api-guide/permissions/index.html
@ -466,6 +466,12 @@
                    </li>
                  
                
+                  <li class="main">
+                    <a href="#overview-of-access-restriction-methods">Overview of access restriction methods</a>
+                  </li>
+
+                  
+                
                  <li class="main">
                    <a href="#third-party-packages">Third party packages</a>
                  </li>
@ -569,6 +575,7 @@ permissions</em></a> section (below).</p>
 <h4 id="limitations-of-object-level-permissions"><a class="toclink" href="#limitations-of-object-level-permissions">Limitations of object level permissions</a></h4>
 <p>For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.</p>
 <p>Often when you're using object level permissions you'll also want to <a href="../filtering/">filter the queryset</a> appropriately, to ensure that users only have visibility onto instances that they are permitted to view.</p>
+<p>Because the <code>get_object()</code> method is not called, object level permissions from the <code>has_object_permission()</code> method <strong>are not applied</strong> when creating objects. In order to restrict object creation you need to implement the permission check either in your Serializer class or override the <code>perform_create()</code> method of your ViewSet class.</p>
 <h2 id="setting-the-permission-policy"><a class="toclink" href="#setting-the-permission-policy">Setting the permission policy</a></h2>
 <p>The default permission policy may be set globally, using the <code>DEFAULT_PERMISSION_CLASSES</code> setting.  For example.</p>
 <pre><code>REST_FRAMEWORK = {
@ -610,7 +617,7 @@ def example_view(request, format=None):
    }
    return Response(content)
 </code></pre>
-<p><strong>Note:</strong> when you set new permission classes through class attribute or decorators you're telling the view to ignore the default list set over the <strong>settings.py</strong> file.</p>
+<p><strong>Note:</strong> when you set new permission classes via the class attribute or decorators you're telling the view to ignore the default list set in the <strong>settings.py</strong> file.</p>
 <p>Provided they inherit from <code>rest_framework.permissions.BasePermission</code>, permissions can be composed using standard Python bitwise operators. For example, <code>IsAuthenticatedOrReadOnly</code> could be written:</p>
 <pre><code>from rest_framework.permissions import BasePermission, IsAuthenticated, SAFE_METHODS
 from rest_framework.response import Response
@ -645,7 +652,7 @@ class ExampleView(APIView):
 <p>The <code>IsAuthenticatedOrReadOnly</code> will allow authenticated users to perform any request.  Requests for unauthorised users will only be permitted if the request method is one of the "safe" methods; <code>GET</code>, <code>HEAD</code> or <code>OPTIONS</code>.</p>
 <p>This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.</p>
 <h2 id="djangomodelpermissions"><a class="toclink" href="#djangomodelpermissions">DjangoModelPermissions</a></h2>
-<p>This permission class ties into Django's standard <code>django.contrib.auth</code> <a href="https://docs.djangoproject.com/en/stable/topics/auth/customizing/#custom-permissions">model permissions</a>.  This permission must only be applied to views that have a <code>.queryset</code> property set. Authorization will only be granted if the user <em>is authenticated</em> and has the <em>relevant model permissions</em> assigned.</p>
+<p>This permission class ties into Django's standard <code>django.contrib.auth</code> <a href="https://docs.djangoproject.com/en/stable/topics/auth/customizing/#custom-permissions">model permissions</a>.  This permission must only be applied to views that have a <code>.queryset</code> property or <code>get_queryset()</code> method. Authorization will only be granted if the user <em>is authenticated</em> and has the <em>relevant model permissions</em> assigned.</p>
 <ul>
 <li><code>POST</code> requests require the user to have the <code>add</code> permission on the model.</li>
 <li><code>PUT</code> and <code>PATCH</code> requests require the user to have the <code>change</code> permission on the model.</li>
@ -653,10 +660,6 @@ class ExampleView(APIView):
 </ul>
 <p>The default behaviour can also be overridden to support custom model permissions.  For example, you might want to include a <code>view</code> model permission for <code>GET</code> requests.</p>
 <p>To use custom model permissions, override <code>DjangoModelPermissions</code> and set the <code>.perms_map</code> property.  Refer to the source code for details.</p>
-<h4 id="using-with-views-that-do-not-include-a-queryset-attribute"><a class="toclink" href="#using-with-views-that-do-not-include-a-queryset-attribute">Using with views that do not include a <code>queryset</code> attribute.</a></h4>
-<p>If you're using this permission with a view that uses an overridden <code>get_queryset()</code> method there may not be a <code>queryset</code> attribute on the view. In this case we suggest also marking the view with a sentinel queryset, so that this class can determine the required permissions. For example:</p>
-<pre><code>queryset = User.objects.none()  # Required for DjangoModelPermissions
-</code></pre>
 <h2 id="djangomodelpermissionsoranonreadonly"><a class="toclink" href="#djangomodelpermissionsoranonreadonly">DjangoModelPermissionsOrAnonReadOnly</a></h2>
 <p>Similar to <code>DjangoModelPermissions</code>, but also allows unauthenticated users to have read-only access to the API.</p>
 <h2 id="djangoobjectpermissions"><a class="toclink" href="#djangoobjectpermissions">DjangoObjectPermissions</a></h2>
@ -729,6 +732,76 @@ class BlocklistPermission(permissions.BasePermission):
 </code></pre>
 <p>Note that the generic views will check the appropriate object level permissions, but if you're writing your own custom views, you'll need to make sure you check the object level permission checks yourself.  You can do so by calling <code>self.check_object_permissions(request, obj)</code> from the view once you have the object instance.  This call will raise an appropriate <code>APIException</code> if any object-level permission checks fail, and will otherwise simply return.</p>
 <p>Also note that the generic views will only check the object-level permissions for views that retrieve a single model instance.  If you require object-level filtering of list views, you'll need to filter the queryset separately.  See the <a href="../filtering/">filtering documentation</a> for more details.</p>
+<h1 id="overview-of-access-restriction-methods"><a class="toclink" href="#overview-of-access-restriction-methods">Overview of access restriction methods</a></h1>
+<p>REST framework offers three different methods to customize access restrictions on a case-by-case basis. These apply in different scenarios and have different effects and limitations.</p>
+<ul>
+<li><code>queryset</code>/<code>get_queryset()</code>: Limits the general visibility of existing objects from the database. The queryset limits which objects will be listed and which objects can be modified or deleted. The <code>get_queryset()</code> method can apply different querysets based on the current action.</li>
+<li><code>permission_classes</code>/<code>get_permissions()</code>: General permission checks based on the current action, request and targeted object. Object level permissions can only be applied to retrieve, modify and deletion actions. Permission checks for list and create will be applied to the entire object type. (In case of list: subject to restrictions in the queryset.)</li>
+<li><code>serializer_class</code>/<code>get_serializer()</code>: Instance level restrictions that apply to all objects on input and output. The serializer may have access to the request context. The <code>get_serializer()</code> method can apply different serializers based on the current action.</li>
+</ul>
+<p>The following table lists the access restriction methods and the level of control they offer over which actions.</p>
+<table>
+<thead>
+<tr>
+<th></th>
+<th><code>queryset</code></th>
+<th><code>permission_classes</code></th>
+<th><code>serializer_class</code></th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Action: list</td>
+<td>global</td>
+<td>no</td>
+<td>object-level*</td>
+</tr>
+<tr>
+<td>Action: create</td>
+<td>no</td>
+<td>global</td>
+<td>object-level</td>
+</tr>
+<tr>
+<td>Action: retrieve</td>
+<td>global</td>
+<td>object-level</td>
+<td>object-level</td>
+</tr>
+<tr>
+<td>Action: update</td>
+<td>global</td>
+<td>object-level</td>
+<td>object-level</td>
+</tr>
+<tr>
+<td>Action: partial_update</td>
+<td>global</td>
+<td>object-level</td>
+<td>object-level</td>
+</tr>
+<tr>
+<td>Action: destroy</td>
+<td>global</td>
+<td>object-level</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Can reference action in decision</td>
+<td>no**</td>
+<td>yes</td>
+<td>no**</td>
+</tr>
+<tr>
+<td>Can reference request in decision</td>
+<td>no**</td>
+<td>yes</td>
+<td>yes</td>
+</tr>
+</tbody>
+</table>
+<p>* A Serializer class should not raise PermissionDenied in a list action, or the entire list would not be returned. <br>
+ ** The <code>get_*()</code> methods have access to the current view and can return different Serializer or QuerySet instances based on the request or action.</p>
 <hr />
 <h1 id="third-party-packages"><a class="toclink" href="#third-party-packages">Third party packages</a></h1>
 <p>The following third party packages are also available.</p>
--- a/api-guide/relations/index.html
+++ b/api-guide/relations/index.html
@ -1009,7 +1009,7 @@ class Note(models.Model):
 <p>If you explicitly specify a relational field pointing to a
 <code>ManyToManyField</code> with a through model, be sure to set <code>read_only</code>
 to <code>True</code>.</p>
-<p>If you wish to represent <a href="https://docs.djangoproject.com/en/2.2/topics/db/models/#intermediary-manytomany">extra fields on a through model</a> then you may serialize the through model as <a href="https://www.django-rest-framework.org/api-guide/serializers/#dealing-with-nested-objects">a nested object</a>.</p>
+<p>If you wish to represent <a href="https://docs.djangoproject.com/en/stable/topics/db/models/#intermediary-manytomany">extra fields on a through model</a> then you may serialize the through model as <a href="https://www.django-rest-framework.org/api-guide/serializers/#dealing-with-nested-objects">a nested object</a>.</p>
 <hr />
 <h1 id="third-party-packages"><a class="toclink" href="#third-party-packages">Third Party Packages</a></h1>
 <p>The following third party packages are also available.</p>
--- a/api-guide/renderers/index.html
+++ b/api-guide/renderers/index.html
@ -643,6 +643,11 @@ def user_count_view(request, format=None):
 <p>Renders data to HTML, using Django's standard template rendering.
 Unlike other renderers, the data passed to the <code>Response</code> does not need to be serialized.  Also, unlike other renderers, you may want to include a <code>template_name</code> argument when creating the <code>Response</code>.</p>
 <p>The TemplateHTMLRenderer will create a <code>RequestContext</code>, using the <code>response.data</code> as the context dict, and determine a template name to use to render the context.</p>
+<hr />
+<p><strong>Note:</strong> When used with a view that makes use of a serializer the <code>Response</code> sent for rendering may not be a dictionay and will need to be wrapped in a dict before returning to allow the TemplateHTMLRenderer to render it. For example:</p>
+<pre><code>response.data = {'results': response.data}
+</code></pre>
+<hr />
 <p>The template name is determined by (in order of preference):</p>
 <ol>
 <li>An explicit <code>template_name</code> argument passed to the response.</li>
--- a/api-guide/requests/index.html
+++ b/api-guide/requests/index.html
@ -518,7 +518,7 @@
 <ul>
 <li>It includes all parsed content, including <em>file and non-file</em> inputs.</li>
 <li>It supports parsing the content of HTTP methods other than <code>POST</code>, meaning that you can access the content of <code>PUT</code> and <code>PATCH</code> requests.</li>
-<li>It supports REST framework's flexible request parsing, rather than just supporting form data.  For example you can handle incoming JSON data in the same way that you handle incoming form data.</li>
+<li>It supports REST framework's flexible request parsing, rather than just supporting form data.  For example you can handle incoming <a href="../parsers/#jsonparser">JSON data</a> similarly to how you handle incoming <a href="../parsers/#formparser">form data</a>.</li>
 </ul>
 <p>For more details see the <a href="../parsers/">parsers documentation</a>.</p>
 <h2 id="query_params"><a class="toclink" href="#query_params">.query_params</a></h2>
--- a/api-guide/serializers/index.html
+++ b/api-guide/serializers/index.html
@ -868,7 +868,7 @@ class CommentSerializer(serializers.Serializer):
    content = serializers.CharField(max_length=200)
    created = serializers.DateTimeField()
 </code></pre>
-<p>Similarly if a nested representation should be a list of items, you should pass the <code>many=True</code> flag to the nested serialized.</p>
+<p>Similarly if a nested representation should be a list of items, you should pass the <code>many=True</code> flag to the nested serializer.</p>
 <pre><code>class CommentSerializer(serializers.Serializer):
    user = UserSerializer(required=False)
    edits = EditItemSerializer(many=True)  # A nested list of 'edit' items.
--- a/api-guide/throttling/index.html
+++ b/api-guide/throttling/index.html
@ -517,7 +517,7 @@ class ExampleView(APIView):
        }
        return Response(content)
 </code></pre>
-<p>Or, if you're using the <code>@api_view</code> decorator with function based views.</p>
+<p>If you're using the <code>@api_view</code> decorator with function based views you can use the following decorator.</p>
 <pre><code>@api_view(['GET'])
@throttle_classes([UserRateThrottle])
 def example_view(request, format=None):
@ -526,6 +526,15 @@ def example_view(request, format=None):
    }
    return Response(content)
 </code></pre>
+<p>It's also possible to set throttle classes for routes that are created using the <code>@action</code> decorator.
+Throttle classes set in this way will override any viewset level class settings.</p>
+<pre><code>@action(detail=True, methods=["post"], throttle_classes=[UserRateThrottle])
+def example_adhoc_method(request, pk=None):
+    content = {
+        'status': 'request was permitted'
+    }
+    return Response(content)
+</code></pre>
 <h2 id="how-clients-are-identified"><a class="toclink" href="#how-clients-are-identified">How clients are identified</a></h2>
 <p>The <code>X-Forwarded-For</code> HTTP header and <code>REMOTE_ADDR</code> WSGI variable are used to uniquely identify client IP addresses for throttling.  If the <code>X-Forwarded-For</code> header is present then it will be used, otherwise the value of the <code>REMOTE_ADDR</code> variable from the WSGI environment will be used.</p>
 <p>If you need to strictly identify unique client IP addresses, you'll need to first configure the number of application proxies that the API runs behind by setting the <code>NUM_PROXIES</code> setting.  This setting should be an integer of zero or more.  If set to non-zero then the client IP will be identified as being the last IP address in the <code>X-Forwarded-For</code> header, once any application proxy IP addresses have first been excluded.  If set to zero, then the <code>REMOTE_ADDR</code> value will always be used as the identifying IP address.</p>
--- a/api-guide/viewsets/index.html
+++ b/api-guide/viewsets/index.html
@ -611,7 +611,7 @@ class UserViewSet(viewsets.ModelViewSet):
        user = self.get_object()
        serializer = PasswordSerializer(data=request.data)
        if serializer.is_valid():
-            user.set_password(serializer.data['password'])
+            user.set_password(serializer.validated_data['password'])
            user.save()
            return Response({'status': 'password set'})
        else:
@ -640,7 +640,7 @@ class UserViewSet(viewsets.ModelViewSet):
    def set_password(self, request, pk=None):
       ...
 </code></pre>
-<p>The two new actions will then be available at the urls <code>^users/{pk}/set_password/$</code> and <code>^users/{pk}/unset_password/$</code>. Use the <code>url_path</code> and <code>url_name</code> parameters to change the URL segement and the reverse URL name of the action.</p>
+<p>The two new actions will then be available at the urls <code>^users/{pk}/set_password/$</code> and <code>^users/{pk}/unset_password/$</code>. Use the <code>url_path</code> and <code>url_name</code> parameters to change the URL segment and the reverse URL name of the action.</p>
 <p>To view all extra actions, call the <code>.get_extra_actions()</code> method.</p>
 <h3 id="routing-additional-http-methods-for-extra-actions"><a class="toclink" href="#routing-additional-http-methods-for-extra-actions">Routing additional HTTP methods for extra actions</a></h3>
 <p>Extra actions can map additional HTTP methods to separate <code>ViewSet</code> methods. For example, the above password set/unset methods could be consolidated into a single route. Note that additional mappings do not accept arguments.</p>
--- a/community/release-notes/index.html
+++ b/community/release-notes/index.html
@ -518,6 +518,21 @@
 <hr />
 <h2 id="312x-series"><a class="toclink" href="#312x-series">3.12.x series</a></h2>
 <h3 id="3122"><a class="toclink" href="#3122">3.12.2</a></h3>
+<p>Date: 25th March 2021</p>
+<ul>
+<li>Properly handle ATOMIC_REQUESTS when multiple database configurations are used. [#7739]</li>
+<li>Bypass <code>COUNT</code> query when <code>LimitOffsetPagination</code> is configured but pagination params are not included on the request. [#6098]</li>
+<li>Respect <code>allow_null=True</code> on <code>DecimalField</code>. [#7718]</li>
+<li>Allow title cased <code>"Yes"</code>/<code>"No"</code> values with <code>BooleanField</code>. [#7739]</li>
+<li>Add <code>PageNumberPagination.get_page_number()</code> method for overriding behavior. [#7652]</li>
+<li>Fixed rendering of timedelta values in OpenAPI schemas, when present as default, min, or max fields. [#7641]</li>
+<li>Render JSONFields with indentation in browsable API forms. [#6243]</li>
+<li>Remove unnecessary database query in admin Token views. [#7852]</li>
+<li>Raise validation errors when bools are passed to <code>PrimaryKeyRelatedField</code> fields, instead of casting to ints. [#7597]</li>
+<li>Don't include model properties as automatically generated ordering fields with <code>OrderingFilter</code>. [#7609]</li>
+<li>Use <code>deque</code> instead of <code>list</code> for tracking throttling <code>.history</code>. [#7849]</li>
+</ul>
+<h3 id="3122_1"><a class="toclink" href="#3122_1">3.12.2</a></h3>
 <p>Date: 13th October 2020</p>
 <ul>
 <li>Fix issue if <code>rest_framework.authtoken.models</code> is imported, but <code>rest_framework.authtoken</code> is not in INSTALLED_APPS. [#7571]</li>
@ -645,6 +660,8 @@
 <li>Don't strict disallow redundant <code>SerializerMethodField</code> field name arguments.</li>
 <li>Don't render extra actions in browable API if not authenticated.</li>
 <li>Strip null characters from search parameters.</li>
+<li>Deprecate the <code>detail_route</code> decorator in favor of <code>action</code>, which accepts a <code>detail</code> bool. Use <code>@action(detail=True)</code> instead. <a href="https://github.com/encode/django-rest-framework/issues/6687">gh6687</a></li>
+<li>Deprecate the <code>list_route</code> decorator in favor of <code>action</code>, which accepts a <code>detail</code> bool. Use <code>@action(detail=False)</code> instead. <a href="https://github.com/encode/django-rest-framework/issues/6687">gh6687</a></li>
 </ul>
 <h2 id="39x-series"><a class="toclink" href="#39x-series">3.9.x series</a></h2>
 <h3 id="394"><a class="toclink" href="#394">3.9.4</a></h3>
--- a/community/third-party-packages/index.html
+++ b/community/third-party-packages/index.html
@ -564,6 +564,7 @@ You probably want to also tag the version now:
 <li><a href="https://github.com/Tivix/django-rest-auth/">django-rest-auth</a> - Provides a set of REST API endpoints for registration, authentication (including social media authentication), password reset, retrieve and update user details, etc.</li>
 <li><a href="https://github.com/ByteInternet/drf-oidc-auth">drf-oidc-auth</a> - Implements OpenID Connect token authentication for DRF.</li>
 <li><a href="https://github.com/aaronn/django-rest-framework-passwordless">drfpasswordless</a> - Adds (Medium, Square Cash inspired) passwordless logins and signups via email and mobile numbers.</li>
+<li><a href="https://github.com/celiao/django-rest-authemail">django-rest-authemail</a> - Provides a RESTful API for user signup and authentication using email addresses.</li>
 </ul>
 <h3 id="permissions"><a class="toclink" href="#permissions">Permissions</a></h3>
 <ul>
@ -588,17 +589,19 @@ You probably want to also tag the version now:
 <li><a href="https://github.com/gregschmit/drf-action-serializer">drf-action-serializer</a> - Serializer providing per-action fields config for use with ViewSets to prevent having to write multiple serializers.</li>
 <li><a href="https://github.com/oxan/djangorestframework-dataclasses">djangorestframework-dataclasses</a> - Serializer providing automatic field generation for Python dataclasses, like the built-in ModelSerializer does for models.</li>
 <li><a href="https://github.com/yezyilomo/django-restql">django-restql</a> - Turn your REST API into a GraphQL like API(It allows clients to control which fields will be sent in a response, uses GraphQL like syntax, supports read and write on both flat and nested fields).</li>
+<li><a href="https://github.com/PaulGilmartin/graph_wrap">graphwrap</a> - Transform your REST API into a fully compliant GraphQL API with just two lines of code. Leverages <a href="https://docs.graphene-python.org/projects/django/en/latest/">Graphene-Django</a> to dynamically build, at runtime, a GraphQL ObjectType for each view in your API.</li>
 </ul>
 <h3 id="serializer-fields"><a class="toclink" href="#serializer-fields">Serializer fields</a></h3>
 <ul>
 <li><a href="https://github.com/estebistec/drf-compound-fields">drf-compound-fields</a> - Provides "compound" serializer fields, such as lists of simple values.</li>
-<li><a href="https://github.com/Hipo/drf-extra-fields">django-extra-fields</a> - Provides extra serializer fields.</li>
+<li><a href="https://github.com/Hipo/drf-extra-fields">drf-extra-fields</a> - Provides extra serializer fields.</li>
 <li><a href="https://github.com/WGBH/django-versatileimagefield">django-versatileimagefield</a> - Provides a drop-in replacement for Django's stock <code>ImageField</code> that makes it easy to serve images in multiple sizes/renditions from a single field. For DRF-specific implementation docs, <a href="https://django-versatileimagefield.readthedocs.io/en/latest/drf_integration.html">click here</a>.</li>
 </ul>
 <h3 id="views"><a class="toclink" href="#views">Views</a></h3>
 <ul>
 <li><a href="https://github.com/MattBroach/DjangoRestMultipleModels">django-rest-multiple-models</a> - Provides a generic view (and mixin) for sending multiple serialized models and/or querysets via a single API request.</li>
 <li><a href="https://github.com/rsinger86/drf-typed-views">drf-typed-views</a> - Use Python type annotations to validate/deserialize request parameters. Inspired by API Star, Hug and FastAPI.</li>
+<li><a href="https://github.com/AlexisMunera98/rest-framework-actions">rest-framework-actions</a> - Provides control over each action in ViewSets. Serializers per action, method.</li>
 </ul>
 <h3 id="routers"><a class="toclink" href="#routers">Routers</a></h3>
 <ul>
@ -650,6 +653,7 @@ You probably want to also tag the version now:
 <li><a href="https://github.com/cloudcode-hungary/django-rest-framework-features/">djangorestframework-features</a> - Advanced schema generation and more based on named features.</li>
 <li><a href="https://github.com/barseghyanartur/django-elasticsearch-dsl-drf">django-elasticsearch-dsl-drf</a> - Integrate Elasticsearch DSL with Django REST framework. Package provides views, serializers, filter backends, pagination and other handy add-ons.</li>
 <li><a href="https://github.com/rhenter/django-api-client">django-api-client</a> - DRF client that groups the Endpoint response, for use in CBVs and FBV as if you were working with Django's Native Models..</li>
+<li><a href="https://github.com/iashraful/fast-drf">fast-drf</a> - A model based library for making API development faster and easier.</li>
 </ul>
            

--- a/index.html
+++ b/index.html
@ -638,10 +638,6 @@ Framework.</p>
 <h2 id="support"><a class="toclink" href="#support">Support</a></h2>
 <p>For support please see the <a href="https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework">REST framework discussion group</a>, try the  <code>#restframework</code> channel on <code>irc.freenode.net</code>, search <a href="https://botbot.me/freenode/restframework/">the IRC archives</a>, or raise a  question on <a href="https://stackoverflow.com/">Stack Overflow</a>, making sure to include the <a href="https://stackoverflow.com/questions/tagged/django-rest-framework">'django-rest-framework'</a> tag.</p>
 <p>For priority support please sign up for a <a href="https://fund.django-rest-framework.org/topics/funding/">professional or premium sponsorship plan</a>.</p>
-<p>For updates on REST framework development, you may also want to follow <a href="https://twitter.com/_tomchristie">the author</a> on Twitter.</p>
-<p><a style="padding-top: 10px" href="https://twitter.com/_tomchristie" class="twitter-follow-button" data-show-count="false">Follow @_tomchristie</a></p>
-<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
-
 <h2 id="security"><a class="toclink" href="#security">Security</a></h2>
 <p>If you believe you’ve found something in Django REST framework which has security implications, please <strong>do not raise the issue in a public forum</strong>.</p>
 <p>Send a description of the issue via email to <a href="mailto:rest-framework-security@googlegroups.com">rest-framework-security@googlegroups.com</a>.  The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure.</p>
--- a/search/search_index.json
+++ b/search/search_index.json
--- a/sitemap.xml
+++ b/sitemap.xml
@ -1,267 +1,267 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><url>
     <loc>https://www.django-rest-framework.org/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/tutorial/quickstart/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/tutorial/1-serialization/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/tutorial/2-requests-and-responses/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/tutorial/3-class-based-views/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/tutorial/5-relationships-and-hyperlinked-apis/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/tutorial/6-viewsets-and-routers/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/requests/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/responses/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/views/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/generic-views/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/viewsets/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/routers/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/parsers/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/renderers/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/serializers/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/fields/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/relations/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/validators/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/authentication/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/permissions/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/caching/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/throttling/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/filtering/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/pagination/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/versioning/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/content-negotiation/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/metadata/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/schemas/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/format-suffixes/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/reverse/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/exceptions/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/status-codes/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/testing/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/api-guide/settings/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/documenting-your-api/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/api-clients/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/internationalization/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/ajax-csrf-cors/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/html-and-forms/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/browser-enhancements/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/browsable-api/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/topics/rest-hypermedia-hateoas/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/tutorials-and-resources/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/third-party-packages/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/contributing/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/project-management/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/release-notes/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.12-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.11-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.10-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.9-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.8-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.7-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.6-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.5-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.4-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.3-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.2-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.1-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/3.0-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/kickstarter-announcement/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/mozilla-grant/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/funding/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url><url>
     <loc>https://www.django-rest-framework.org/community/jobs/</loc>
-     <lastmod>2020-11-05</lastmod>
+     <lastmod>2021-03-25</lastmod>
     <changefreq>daily</changefreq>
    </url>
 </urlset>
--- a/sitemap.xml.gz
+++ b/sitemap.xml.gz
--- a/topics/api-clients/index.html
+++ b/topics/api-clients/index.html
@ -853,7 +853,7 @@ window.loggedIn = false;

 function loginUser(username, password) {
    let action = ["api-token-auth", "obtain-token"];
-    let params = {username: "example", email: "example@example.com"};
+    let params = {username: username, password: password};
    client.action(schema, action, params).then(function(result) {
        // On success, instantiate an authenticated client.
        let auth = window.coreapi.auth.TokenAuthentication({
--- a/topics/documenting-your-api/index.html
+++ b/topics/documenting-your-api/index.html
@ -593,7 +593,7 @@ documentation and more. Several popular plugins for DRF are supported out-of-the
    meta = self.metadata_class()
    data = meta.determine_metadata(request, self)
    data.pop('description')
-    return data
+    return Response(data=data, status=status.HTTP_200_OK)
 </code></pre>
 <p>See <a href="../../api-guide/metadata/">the Metadata docs</a> for more details.</p>
 <hr />
--- a/topics/internationalization/index.html
+++ b/topics/internationalization/index.html
@ -441,7 +441,7 @@
 <p>Supporting internationalization is not optional. It must be a core feature.</p>
 <p>&mdash; <a href="https://youtu.be/Wa0VfS2q94Y">Jannis Leidel, speaking at Django Under the Hood, 2015</a>.</p>
 </blockquote>
-<p>REST framework ships with translatable error messages. You can make these appear in your language enabling <a href="https://docs.djangoproject.com/en/1.7/topics/i18n/translation">Django's standard translation mechanisms</a>.</p>
+<p>REST framework ships with translatable error messages. You can make these appear in your language enabling <a href="https://docs.djangoproject.com/en/stable/topics/i18n/translation">Django's standard translation mechanisms</a>.</p>
 <p>Doing so will allow you to:</p>
 <ul>
 <li>Select a language other than English as the default, using the standard <code>LANGUAGE_CODE</code> Django setting.</li>
@ -490,14 +490,14 @@ Host: example.org
 <li>Your project includes custom error messages, which are not part of REST framework's default translation strings.</li>
 </ul>
 <h4 id="translating-a-new-language-locally"><a class="toclink" href="#translating-a-new-language-locally">Translating a new language locally</a></h4>
-<p>This guide assumes you are already familiar with how to translate a Django app.  If you're not, start by reading <a href="https://docs.djangoproject.com/en/1.7/topics/i18n/translation">Django's translation docs</a>.</p>
+<p>This guide assumes you are already familiar with how to translate a Django app.  If you're not, start by reading <a href="https://docs.djangoproject.com/en/stable/topics/i18n/translation">Django's translation docs</a>.</p>
 <p>If you're translating a new language you'll need to translate the existing REST framework error messages:</p>
 <ol>
 <li>
-<p>Make a new folder where you want to store the internationalization resources. Add this path to your <a href="https://docs.djangoproject.com/en/1.7/ref/settings/#std:setting-LOCALE_PATHS"><code>LOCALE_PATHS</code></a> setting.</p>
+<p>Make a new folder where you want to store the internationalization resources. Add this path to your <a href="https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-LOCALE_PATHS"><code>LOCALE_PATHS</code></a> setting.</p>
 </li>
 <li>
-<p>Now create a subfolder for the language you want to translate. The folder should be named using <a href="https://docs.djangoproject.com/en/1.7/topics/i18n/#term-locale-name">locale name</a> notation. For example: <code>de</code>, <code>pt_BR</code>, <code>es_AR</code>.</p>
+<p>Now create a subfolder for the language you want to translate. The folder should be named using <a href="https://docs.djangoproject.com/en/stable/topics/i18n/#term-locale-name">locale name</a> notation. For example: <code>de</code>, <code>pt_BR</code>, <code>es_AR</code>.</p>
 </li>
 <li>
 <p>Now copy the <a href="https://raw.githubusercontent.com/encode/django-rest-framework/master/rest_framework/locale/en_US/LC_MESSAGES/django.po">base translations file</a> from the REST framework source code into your translations folder.</p>
@ -516,7 +516,7 @@ available for Django to use. You should see a message like <code>processing file
 <p>If you're only translating custom error messages that exist inside your project codebase you don't need to copy the REST framework source <code>django.po</code> file into a <code>LOCALE_PATHS</code> folder, and can instead simply run Django's standard <code>makemessages</code> process.</p>
 <h2 id="how-the-language-is-determined"><a class="toclink" href="#how-the-language-is-determined">How the language is determined</a></h2>
 <p>If you want to allow per-request language preferences you'll need to include <code>django.middleware.locale.LocaleMiddleware</code> in your <code>MIDDLEWARE_CLASSES</code> setting.</p>
-<p>You can find more information on how the language preference is determined in the <a href="https://docs.djangoproject.com/en/1.7/topics/i18n/translation/#how-django-discovers-language-preference">Django documentation</a>. For reference, the method is:</p>
+<p>You can find more information on how the language preference is determined in the <a href="https://docs.djangoproject.com/en/stable/topics/i18n/translation/#how-django-discovers-language-preference">Django documentation</a>. For reference, the method is:</p>
 <ol>
 <li>First, it looks for the language prefix in the requested URL.</li>
 <li>Failing that, it looks for the <code>LANGUAGE_SESSION_KEY</code> key in the current user’s session.</li>
--- a/tutorial/5-relationships-and-hyperlinked-apis/index.html
+++ b/tutorial/5-relationships-and-hyperlinked-apis/index.html
@ -569,7 +569,7 @@ urlpatterns = format_suffix_patterns([
 }
 </code></pre>
 <p>Note that settings in REST framework are all namespaced into a single dictionary setting, named <code>REST_FRAMEWORK</code>, which helps keep them well separated from your other project settings.</p>
-<p>We could also customize the pagination style if we needed too, but in this case we'll just stick with the default.</p>
+<p>We could also customize the pagination style if we needed to, but in this case we'll just stick with the default.</p>
 <h2 id="browsing-the-api"><a class="toclink" href="#browsing-the-api">Browsing the API</a></h2>
 <p>If we open a browser and navigate to the browsable API, you'll find that you can now work your way around the API simply by following links.</p>
 <p>You'll also be able to see the 'highlight' links on the snippet instances, that will take you to the highlighted code HTML representations.</p>