Commit Graph

1857 Commits

Author SHA1 Message Date
Danilo Bargen
b187f53453 Changed return status for CSRF failures to HTTP 403
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
Tom Christie
5d80f7f932 allow_blank, allow_null 2014-09-22 17:46:02 +01:00
Tom Christie
5a95baf2a2 Tests & tweaks for ChoiceField 2014-09-22 16:52:57 +01:00
Tom Christie
b5454dd022 Tests and tweaks for choice fields 2014-09-22 16:50:04 +01:00
Tom Christie
e5f0a97595 More compat fixes 2014-09-22 16:45:06 +01:00
Tom Christie
5586b6581d Support format=None for date/time fields 2014-09-22 16:02:59 +01:00
Tom Christie
4db23cae21 Tweaks to DecimalField 2014-09-22 15:34:06 +01:00
Tom Christie
249253a144 Fix compat issues 2014-09-22 14:54:33 +01:00
Tom Christie
c54f394904 Ensure 'messages' in fields are respected in preference to default validator messages 2014-09-22 13:57:45 +01:00
Tom Christie
afb3f8ab0a Tests and tweaks for text fields 2014-09-22 13:26:47 +01:00
Tom Christie
af46fd6b00 Field tests and associated cleanup 2014-09-22 12:25:57 +01:00
Tom Christie
cf72b9a8b7 Moar tests 2014-09-19 16:43:13 +01:00
Tom Christie
20424251a3 Version 2.4.3 2014-09-19 14:26:28 +01:00
Tom Christie
88008c0a68 Merge branch 'master' into version-3.0 2014-09-19 14:05:50 +01:00
Piper Merriam
7f758d1cf6 Fix missing CSRF exemption on viewsets 2014-09-18 10:30:13 -06:00
Tom Christie
f90049316a Added a model update integration test 2014-09-18 15:47:27 +01:00
Tom Christie
106362b437 ModelSerializer.create() to handle many to many by default 2014-09-18 14:58:08 +01:00
Tom Christie
9fdb2280d1 First pass on ManyRelation 2014-09-18 14:23:00 +01:00
Tom Christie
87734be5f4 Configuration correctness tests on ModelSerializer 2014-09-18 12:17:21 +01:00
Tom Christie
5b7e4af0d6 get_base_field() refactor 2014-09-18 11:20:56 +01:00
Tom Christie
8c8d355e76 Update routers.py 2014-09-17 15:51:17 +01:00
Tom Christie
3376c37861 Merge pull request #1865 from mskrajnowski/default-router-listless-viewset
DefaultRouter support for viewsets without an implemented default action
2014-09-17 15:50:12 +01:00
José Padilla
de5fbf7d63 Update initial migration to work on Python 3 2014-09-17 10:23:53 -04:00
Tom Christie
c0155fd9dc Update comments 2014-09-17 14:11:53 +01:00
José Padilla
a37db382c6 Update authtoken latest Django 1.7 migration 2014-09-17 09:01:49 -04:00
Tom Christie
d196608d5a Fix nested model serializer base class 2014-09-15 13:55:09 +01:00
Tom Christie
40dc588a37 Drop label from serializer fields when not needed 2014-09-15 09:50:51 +01:00
Tom Christie
afb28a44ad Dealing with reverse relationships 2014-09-12 21:32:20 +01:00
Tom Christie
e6c88a4233 Drop usage of validatiors.EMPTY_VALUES 2014-09-12 19:54:27 +01:00
Tom Christie
0ac52e0808 Use Resolver404 instead of base Exception 2014-09-12 17:06:37 +01:00
Tom Christie
b73a205cc0 Tests for relational fields (not including many=True) 2014-09-12 17:03:42 +01:00
Tom Christie
79715f01f8 Coerce dates etc to ISO_8601 in seralizer, by default. 2014-09-12 12:10:22 +01:00
Tom Christie
22af49bf8f Tidy up JSONEncoder 2014-09-12 11:50:20 +01:00
Tom Christie
5e39e159ee UNICODE_JSON and COMPACT_JSON settings 2014-09-12 11:38:22 +01:00
Tom Christie
250755def7 Clean up relational fields queryset usage 2014-09-12 10:59:51 +01:00
Tom Christie
6db3356c4d NON_FIELD_ERRORS_KEY setting 2014-09-12 10:21:35 +01:00
Tom Christie
0d354e8f92 to_internal_value() and to_representation() 2014-09-12 09:49:35 +01:00
Tom Christie
adcb64ab41 MethodField -> SerializerMethodField 2014-09-12 09:12:56 +01:00
Tom Christie
1e53eb0aa2 DecimalFields should still be quantized even without coerce_to_string 2014-09-11 21:57:32 +01:00
Tom Christie
040bfcc09c NotImplemented stubs for Field, and DecimalField improvements 2014-09-11 21:48:54 +01:00
Tom Christie
a751871991 no longer tightly coupled to private queryset API 2014-09-11 20:50:26 +01:00
Tom Christie
55650a743d no longer tightly coupled to private queryset API 2014-09-11 20:49:10 +01:00
Tom Christie
19b8f779de Throttles now use Retry-After header and no longer support the custom style 2014-09-11 20:43:44 +01:00
Tom Christie
bf52d04f4c Nice manager representations on serializer classes 2014-09-11 20:37:27 +01:00
Tom Christie
ab40780dc2 Tidy up lookup_class 2014-09-11 20:22:32 +01:00
Tom Christie
3318f75a71 Improve memory address removal for serializer representations 2014-09-11 13:50:53 +01:00
Tom Christie
54ccf7230d Improve memory address removal for serializer representations 2014-09-11 13:43:46 +01:00
Tom Christie
de301f3b66 Merge master 2014-09-11 13:20:44 +01:00
Marek Skrajnowski
ae84438530 Added DefaultRouter support (and test) for viewsets without the default action implemented, which is usually the list action. 2014-09-11 12:42:36 +02:00
Joe Binney
37d01f6088 Fix grammar in login error message 2014-09-10 20:27:52 -07:00
Tom Christie
80ba047347 Compat fixes 2014-09-10 16:57:22 +01:00
Tom Christie
01c8c0cad9 Added help_text argument to fields 2014-09-10 13:52:16 +01:00
Tom Christie
234369aefd Tweaks 2014-09-10 08:53:33 +01:00
Tom Christie
b1c07670ca Fleshing out serializer fields 2014-09-09 17:46:28 +01:00
Xavier Ordoquy
015a8122c7 Merge pull request #1852 from GVRV/bugfix/apiroot_get_regression
Make sure APIRoot.get can take on args, kwargs so router can be embedded...
2014-09-09 07:19:16 +02:00
Gaurav Dadhania
1a885b9e16 Make sure APIRoot.get can take on args, kwargs so router can be embedded within any URL pattern. 2014-09-09 05:42:52 +05:30
Tom Christie
21980b800d More test sorting 2014-09-08 14:24:05 +01:00
Tom Christie
168710813c Merge pull request #1844 from adamsc64/issue_1533
Fixed #1533 - Resolved issue with integer keys on nested choices never v...
2014-09-08 10:15:26 +01:00
Hamish Campbell
826d76a8c7 Stop the API Client converting empty lists/dicts to empty strings 2014-09-08 12:16:20 +12:00
Christopher Adams
613a301a36 Fixed #1533 - Resolved issue with integer keys on nested choices never validating.
- Added unit test for nested `choices` argument.
- Added unit test for non-nested `choices` argument.
2014-09-06 17:13:28 -04:00
Tom Christie
e8fac28d88 Merge pull request #1818 from tituomin/serializer-subclass-mapping
Better mapping for custom model fields to serializer fields.
2014-09-06 07:20:31 +01:00
Tom Christie
5bbfef36f4 Merge pull request #1838 from jbittel/fix-encoded-filename-rfc6266
Support RFC6266 encoded filenames
2014-09-06 07:13:12 +01:00
Jason Bittel
3f7fad2e5a Refactor disposition unpacking for clarity 2014-09-05 16:27:55 -07:00
José Padilla
c9d4497d81 Use force_text from compat 2014-09-05 15:58:53 -07:00
José Padilla
d44a8f24ff Merge remote-tracking branch 'poswald/view-description-as-promise' into view-description-as-promise 2014-09-05 15:34:16 -07:00
Jason Bittel
c8e475023c Fix encoded filename parsing to allow for lang 2014-09-05 15:22:43 -07:00
Jason Bittel
bcd8a24db1 Refactor encoded filename feature per #1531 2014-09-05 14:56:54 -07:00
Vladislav Vlastovskiy
bcca9ed0fd Removed use encoding available only in py3 2014-09-05 14:52:01 -07:00
Vladislav Vlastovskiy
8a9f34b838 Added get filename as encoded
This filename described in RFC 6266
2014-09-05 14:50:16 -07:00
José Padilla
ab213cbc41 Remove order_by from AutoFilterSet 2014-09-05 11:43:49 -07:00
Tom Christie
d934824bff Workin on 2014-09-05 16:29:46 +01:00
Tom Christie
2b47c6b700 Merge pull request #1834 from piotrjakimiak/master
Fix returning None when allow_none is True in CharField
2014-09-05 13:57:34 +01:00
Piotr Jakimiak
c3b841ae44 Use Serializer instead of ModelSerializer 2014-09-05 14:08:11 +02:00
Tom Christie
7dce364a35 Merge pull request #1829 from cezar77/login-form-errors
Display validation errors on login form
2014-09-05 12:59:26 +01:00
Cezar Pendarovski
2531b5cd86 Remove light gray bordering from the well with general message error 2014-09-05 13:28:47 +02:00
Piotr Jakimiak
6022b9ddd4 Fix comment 2014-09-05 12:00:17 +02:00
Piotr Jakimiak
d9633c6817 Fix returning None when allow_none is True in CharField 2014-09-05 11:08:34 +02:00
Cezar Pendarovski
34b3ee9ea1 Place general error message in well 2014-09-05 11:06:30 +02:00
Cezar Pendarovski
d3ee26ba99 Change bootstrap class warning to error 2014-09-05 10:55:49 +02:00
Tom Christie
2e632e5af2 Merge pull request #1820 from carltongibson/login-dropdown
Hide login link in browsable API if the login view is not registered.
2014-09-05 09:07:14 +01:00
Cezar Pendarovski
6106701c06 Input fields get hightlighted if login fails and username is persisted 2014-09-05 09:38:54 +02:00
Cezar Pendarovski
3bc858c30b General message error goes above submit button 2014-09-04 17:51:45 +02:00
Cezar Pendarovski
ea259e8bde Error messages are displayed below the input fields 2014-09-04 16:01:27 +02:00
Cezar Pendarovski
d56efb8f82 Display validation errors on login form 2014-09-04 15:26:00 +02:00
Carlton Gibson
ef1fb3d8df Prefer format and use named blocks 2014-09-04 08:54:50 +02:00
dpanesso
1ab782a430 Using user.get_username() instead of user.username.
This solves an error when using a auth model that does not have a username field.
2014-09-03 23:38:03 -05:00
Piper Merriam
fc9be55d43 Alter CSRF exemption implementation
The previous implementation of decorating `APIView.dispach` with the
`csrf_exempt` decorator allowed for an easy-to-make mistake where
someone could override the `dispatch` method on a view and inadvertantly
remove the csrf exemption of their api view.

By moving the decoration of the view into the `as_view` logic, it
becomes much more difficult to make this mistake.
2014-09-03 09:50:31 -06:00
Tom Christie
f08afe162c Version 2.4.2 2014-09-03 16:35:17 +01:00
Tom Christie
c1036c1753 More test passing 2014-09-03 16:34:09 +01:00
Michał Jaworski
afe9b37f60 remove rogue print 2014-09-03 17:21:56 +02:00
Michał Jaworski
9195ccb97f Use explicit many=True for object_serializer instantiation in PaginationSerializer and add catch dummy 'many' kwarg on DefaultObjectSerializer 2014-09-03 16:52:41 +02:00
Carlton Gibson
4947303f20 Moved li tags inside optional_login
as per https://github.com/tomchristie/django-rest-framework/pull/1820#discussion_r16987993
2014-09-03 09:54:36 +02:00
Tom Christie
f2852811f9 Getting tests passing 2014-09-02 17:41:23 +01:00
Tom Christie
ec096a1cac Add relations and get tests running 2014-09-02 15:07:56 +01:00
Carlton Gibson
fa0ef17737 Remove Login Dropdown when Auth Views are not registered.
Fixes #1738
2014-09-02 14:53:37 +02:00
Timo Tuominen
e437520217 Generator implementation of class mapping. 2014-09-01 17:02:48 +03:00
Timo Tuominen
582f6fdd4b Add utility function to match classes in dictionary. 2014-09-01 15:54:33 +03:00
Timo Tuominen
ae84b8b0e8 Traverse the method resolution order when mapping serializer fields. 2014-09-01 15:03:39 +03:00
Timo Tuominen
82d4b20832 Add subclass matching to serializer field mapping. 2014-09-01 15:02:49 +03:00
Carlton Gibson
14877464f6 Merge pull request #1816 from carltongibson/regression-login-template
Regression for #1810: Test login view renders
2014-09-01 10:31:07 +02:00
Tom Christie
55e779c856 Version 2.4.1 2014-09-01 09:07:55 +01:00
Carlton Gibson
1c9c5d5c32 Regression for #1810: Test login view renders 2014-09-01 10:07:05 +02:00
Daniel Roseman
b554c67d14 Restore body block to base template. 2014-08-30 13:28:12 +01:00
Tom Christie
4ac4676a40 First pass 2014-08-29 16:46:26 +01:00
Tom Christie
371d30aa87 Remove unused imports. 2014-08-29 12:54:52 +01:00
Tom Christie
b552b62540 get_paginate_by no longer takes optional .queryset 2014-08-29 12:54:03 +01:00
Tom Christie
f87d32558e Remove .link() and .action() decorators. 2014-08-29 12:53:45 +01:00
Tom Christie
ce7b2cded9 Remove deprecated generic views.
`MultipleObjectAPIView` and `SingleObjectAPIView` are no longer
required.
2014-08-29 12:48:49 +01:00
Tom Christie
72c0811576 Minor tidy up. 2014-08-29 12:48:04 +01:00
Tom Christie
b3253b4283 Remove .model usage in tests.
Remove the shortcut `.model` view attribute usage from test cases.
2014-08-29 12:35:53 +01:00
Tom Christie
b8c8d10a18 Remove page_size argument.
`paginate_queryset` no longer takes an optional `page_size` argument.
2014-08-29 11:38:54 +01:00
Tom Christie
e5e6329a22 Remove pk_url_field, slug_url_field, slug_field.
Closes #1773.
2014-08-29 11:29:26 +01:00
Tom Christie
b3bbf41670 Remove allow_empty 2014-08-29 11:09:35 +01:00
Tom Christie
0f8fdf4e72 Remove allow_empty.
Closes #1774.
2014-08-29 10:57:24 +01:00
Tom Christie
f62c874ea9 Remove filter_backend.
Closes #1775.
2014-08-29 10:48:40 +01:00
Tom Christie
2a61ed8bac 2.4 Release notes 2014-08-29 10:10:17 +01:00
Tom Christie
8f4ae06b3b Merge pull request #1784 from tomchristie/remove-model-attribute
Deprecate `.model` attribute on views
2014-08-29 10:03:07 +01:00
Cezar Pendarovski
5380889275 Validation errors in the rendered HTML fixed 2014-08-28 10:39:01 +02:00
Cezar Pendarovski
e5d88a80a9 Put all TextNodes (method names) back to same line with parent element 2014-08-27 09:41:33 +02:00
Cezar Pendarovski
f6cbd88618 Merge remote-tracking branch 'upstream/master' into fix-1719
Conflicts:
	rest_framework/templates/rest_framework/base.html
2014-08-25 17:28:22 +02:00
Cezar Pendarovski
4d582fd9ff Made all color declarations in bootstrap-tweaks.css consistent 2014-08-22 10:12:52 +02:00
Cezar Pendarovski
1e2bd1294e Fixed the issue with the non-draggable horizontal scrollbar 2014-08-22 09:53:03 +02:00
Greg Doermann
f27a28682b Frameworks throws AssertionError saying you cannot set required=True and read_only=True on editable=False model fields. We should not make the field required if editable=False. 2014-08-20 11:00:37 -06:00
Tom Christie
4d8c63abc9 Deprecate .model in related routers/permissions 2014-08-20 17:15:46 +01:00
Dmitry Mukhin
3b07d0c997 Merge branch 'master' into set-retry-after
Conflicts:
	tests/test_throttling.py
2014-08-20 20:04:48 +04:00
Tom Christie
9372cc8c31 Deprecate .model attribute on views 2014-08-20 16:24:52 +01:00
Tom Christie
59b47eac14 Fix cache_throttle typo 2014-08-20 12:32:24 +01:00
Tom Christie
63d02dbea8 Drop six from compat. 1.4.2 is now the lowest supported version. 2014-08-19 17:06:55 +01:00
Tom Christie
5358243ca5 Merge pull request #1778 from linovia/bugfix/1398
Bugfix/1398
2014-08-19 16:16:02 +01:00
Tom Christie
2d2737f367 Resolve python3 linting issue 2014-08-19 14:11:26 +01:00
Tom Christie
d2795dd26d Resolve linting issues 2014-08-19 13:54:52 +01:00
Tom Christie
bf09c32de8 Code linting and added runtests.py 2014-08-19 13:28:07 +01:00
Xavier Ordoquy
c9535c036b Merged #1398 against 2.4 branch. 2014-08-19 11:12:36 +02:00
Tom Christie
e385a7b8eb Merge master 2014-08-19 10:11:10 +01:00
Paul Oswald
3e93c96ece replace unicode call with force_text 2014-08-19 10:09:48 +09:00
Tom Christie
97d8f037cc Only set .action attribute in override_method if it already existed on the view 2014-08-18 20:56:17 +01:00
Tom Christie
01986fc80e Merge pull request #1763 from fongandrew/patch-1
override_method should substitute action
2014-08-18 20:39:09 +01:00
Tom Christie
1d0c169e94 Merge pull request #1505 from ticosax/test.client.logout
reset stored credentials when call client.logout()
2014-08-18 20:37:25 +01:00
Tom Christie
c092b4df78 Merge pull request #1641 from javins/login-title
Refactor login template to extend base.
2014-08-18 20:28:34 +01:00
Tom Christie
3b899c9d57 Merge pull request #1726 from ikame/master
Leave status responsibility to parent class
2014-08-18 19:59:23 +01:00
Tom Christie
2aad8e4b35 Merge pull request #1654 from carltongibson/1559-take-2
Allow use of native migrations in 1.7 — Take 2
2014-08-18 18:54:43 +01:00
Tom Christie
e85ef3b479 Merge pull request #1772 from tomchristie/fix-1583
Copy filter_backends class attribute before returning it.
2014-08-18 16:14:45 +01:00
Tom Christie
9f3c7e8930 Copy filter_backends class attribute before returning it. 2014-08-18 15:34:23 +01:00
Tom Christie
33af92e019 Always uppercase X-Http-Method-Override methods. Closes #1718. 2014-08-18 15:14:30 +01:00
Tom Christie
8244c7cc33 Merge pull request #1711 from kdazzle/ModelViewSet-queryset-static-property
Issue #1707: Add documentation to api-docs.viewsets
2014-08-18 12:25:03 +01:00
Tom Christie
0e918055c7 Merge pull request #1739 from kevinlondon/patch-3
Updated documentation for urls.py
2014-08-18 12:15:32 +01:00
Andrew Fong
21cbf3484e Fixed action_map being pulled from wrong object 2014-08-16 23:22:18 +00:00
Andrew Fong
5f63d31b00 override_method should substitute action
A view's action is dependent on the request method. When overriding the method (e.g. to generate a form for a POST request on a GET call to the browseable API), the action should be updated as well. Otherwise, viewset functions may be in a weird limbo state where a 'list' action has a POST method.
2014-08-16 15:05:46 -07:00
Aymeric Derbois
a6901ea36d Add test for SerializerMethodField 2014-08-16 15:53:00 +02:00
John Whitlock
34c1da3515 ModelSerializer.restore_object - errors as list
When a ValueError is raised in ModelSerializer.restore_object, the error
is set to a one-element list, rather than a bare string.
2014-08-13 15:31:25 -05:00