* Condition of UniqueValidator can be read-only
We can't always expect to find the value of the condition in the serializer
if the field is read-only.
* Reproducible test
* Allow format duration as ISO-8601
* Update tests/test_fields.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Update tests/test_fields.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Add validation for DurationField format, add more tests for it and improve related docs
* Add more precise validation check for duration field format and adjust docs
* Adjust typo in duration field docs
---------
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Fix#9250: Prevent token overwrite and improve security
- Fix key collision issue that could overwrite existing tokens
- Use force_insert=True only for new token instances
- Replace os.urandom with secrets.token_hex for better security
- Add comprehensive test suite to verify fix and backward compatibility
- Ensure existing tokens can still be updated without breaking changes
* Fix code style: remove trailing whitespace and unused imports
* Fix#9250: Prevent token overwrite with minimal changes
- Add force_insert=True to Token.save() for new objects to prevent overwriting existing tokens
- Revert generate_key method to original implementation (os.urandom + binascii)
- Update tests to work with original setUp() approach
- Remove verbose comments and unrelated changes per reviewer feedback
* Fix flake8 violations: remove extra blank lines and trailing whitespace
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Fix token key regeneration behavior and add test
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
---------
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Refactor token generation to use secrets module
* test: Add focused tests for Token.generate_key() method
- Add test for valid token format (40 hex characters)
- Add collision resistance test with 500 sample size
- Add basic randomness quality validation
- Ensure generated keys are unique and properly formatted
* Fix test with Django 5 when pytz is available
* fix formatting
* remove original condition
Co-authored-by: Ülgen Sarıkavak <ulgens@users.noreply.github.com>
* remove trailing whitespace
* further improvements
* let's not skip the pytz test - it should always be executed when testing against Django 4
* add comment to test requirements
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* simplify the pytz import as it should always be available
* make isort happy
---------
Co-authored-by: Ülgen Sarıkavak <ulgens@users.noreply.github.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Drop HTML line breaks on long headers
* Remove related test
* Fix flake8
---------
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Bruno Alla <alla.brunoo@gmail.com>
* Add failing test for `UniqueConstraint` validation with `source` attribute
* Fix `UniqueTogetherValidator` to handle fields with source attribute
* split inner sources logic out to tuple comprehension
* Fix typo of 'related' in tests
* Fix typo of permission_classes in coreapi test
* Fix some minor typos in docs
* Fix typos in tests
* Fix flake8 issue
* Fixed regression that tests using format still work
Error only occurred on tests which return no content and use
a renderer without charset (e.g. JSONRenderer)
* Fixed linting
* Used early return as before
* Move ret str check back to where it was
* Add test to reproduce problem with nullable fields part of a unique constraint
Ref #9378
* Simplify test case and add similar case for unique_together
* Add test for unique together in a better place
* Default nullable fields to null in unique constraints checks
* Remove redundant test and move other to more appropriate place
* Add official support for Django 5.1
Following the supported Python versions:
https://docs.djangoproject.com/en/stable/faq/install/
* Add tests to cover compat with Django's 5.1 LoginRequiredMiddleware
* First pass to create DRF's LoginRequiredMiddleware
* Attempt to fix the tests
* Revert custom middleware implementation
* Disable LoginRequiredMiddleware on DRF views
* Document how to integrate DRF with LoginRequiredMiddleware
* Move login required tests under a separate test case
* Revert redundant change
* Disable LoginRequiredMiddleware on ViewSets
* Add some integrations tests to cover various view types
* Use Decimal for min/max values of DecimalField in tests
* Update docs to mention that min/max values should be Decimal objects
* Accept integer values for DecimalField min and max values
* Update expected error messages in tests
* Update expected warning message in tests
According to docs:
https://docs.python.org/3/library/unittest.html#unittest.TestCase.addClassCleanup
> Add a function to be called after tearDownClass() to cleanup resources
used during the test class. Functions will be called in reverse order to
the order they are added (LIFO).
This was revealed with recent change in pytest (`8.2.0`):
> pytest-dev/pytest#11728: For unittest-based tests, exceptions during
class cleanup (as raised by functions registered with
TestCase.addClassCleanup) are now reported instead of silently failing.
`check_urlpatterns` is called before `cleanup_url_patterns` and fails
(problem was hidden by `pytest < 8.2.0`).
`doClassCleanups` can be used instead to check after-cleanup state:
https://docs.python.org/3/library/unittest.html#unittest.TestCase.doClassCleanups
> This method is called unconditionally after tearDownClass(), or after
setUpClass() if setUpClass() raises an exception.
It is responsible for calling all the cleanup functions added by
addClassCleanup(). If you need cleanup functions to be called prior to
tearDownClass() then you can call doClassCleanups() yourself.
Fixes: https://github.com/encode/django-rest-framework/issues/9399
Signed-off-by: Stanislav Levin <slev@altlinux.org>
This change fixes the dist test by moving the --no-pkgroot option from
pytest to the runtests script.
The current "filterwarnings" setting for pytest includes rest_framework,
which causes an early import of the module. As a result the current
--no-pkgroot behavior fails with an assertion error. Trying to remove
the module from sys.modules will cause the warning filter to not apply,
so this change moves this code before pytest parses the config and loads
the "filterwarnings".
* Propagate 'default' from model_field to serializer field
Fix#7469.
Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>
* updated field default on serializer according to openapi generation and added that to options action response
* added notes regarding default value propagation from model to serializer field
* updated note
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
* Update docs/api-guide/fields.md
---------
Co-authored-by: John Parton <john.parton.iv@gmail.com>
Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>
Co-authored-by: Rizwan Shaikh <rshaikh@ces-ltd.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
* Use subquery to remove duplicates in SearchFilter
* Align SearchFilter behaviour to django.contrib.admin
* Add compatibility with older django/python versions
* Allow search to split also by comma after smart split
* Use generator to build search conditions to reduce iterations
* Improve search documentation
* Update docs/api-guide/filtering.md
---------
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
