Commit Graph

1187 Commits

Author SHA1 Message Date
sevdog
a4a3093f11
Add test to demonstrate that uniquetoghetervalidator does not enforce partial unique-constraint against FKs 2025-09-16 17:40:46 +02:00
Marcelo Galigniana
503f0603e6
Add documentation about how to transform factory request to DRF request (#9380) 2025-08-16 13:09:47 +06:00
Nicolas Delaby
513ddb4ffb
Condition of UniqueTogetherValidator can be read-only (#9764)
* Condition of UniqueValidator can be read-only

We can't always expect to find the value of the condition in the serializer
if the field is read-only.

* Reproducible test
2025-08-13 10:53:25 +06:00
Devid
c8b6d3dcdf
DurationField output format (#8532)
* Allow format duration as ISO-8601

* Update tests/test_fields.py

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

* Update tests/test_fields.py

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

* Add validation for DurationField format, add more tests for it and improve related docs

* Add more precise validation check for duration field format and adjust docs

* Adjust typo in duration field docs

---------

Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
2025-08-12 16:21:01 +02:00
Mahdi Rahimi
c0166d95bb
Prevent small risk of Token overwrite (#9754)
* Fix #9250: Prevent token overwrite and improve security

- Fix key collision issue that could overwrite existing tokens
- Use force_insert=True only for new token instances
- Replace os.urandom with secrets.token_hex for better security
- Add comprehensive test suite to verify fix and backward compatibility
- Ensure existing tokens can still be updated without breaking changes

* Fix code style: remove trailing whitespace and unused imports

* Fix #9250: Prevent token overwrite with minimal changes

- Add force_insert=True to Token.save() for new objects to prevent overwriting existing tokens
- Revert generate_key method to original implementation (os.urandom + binascii)
- Update tests to work with original setUp() approach
- Remove verbose comments and unrelated changes per reviewer feedback

* Fix flake8 violations: remove extra blank lines and trailing whitespace

* Update tests/test_authtoken.py

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

* Update tests/test_authtoken.py

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

* Update tests/test_authtoken.py

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

* Fix token key regeneration behavior and add test

* Update tests/test_authtoken.py

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

---------

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
2025-08-10 16:52:32 +06:00
Mahdi Rahimi
97a771c405
Refactor token generation to use secrets module (#9760)
* Refactor token generation to use secrets module

* test: Add focused tests for Token.generate_key() method

- Add test for valid token format (40 hex characters)
- Add collision resistance test with 500 sample size
- Add basic randomness quality validation
- Ensure generated keys are unique and properly formatted
2025-08-10 09:42:52 +06:00
Jakub Kulík
853969c69c
Fix test with Django 5 when pytz is available (#9715)
* Fix test with Django 5 when pytz is available

* fix formatting

* remove original condition

Co-authored-by: Ülgen Sarıkavak <ulgens@users.noreply.github.com>

* remove trailing whitespace

* further improvements

* let's not skip the pytz test - it should always be executed when testing against Django 4

* add comment to test requirements

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

* simplify the pytz import as it should always be available

* make isort happy

---------

Co-authored-by: Ülgen Sarıkavak <ulgens@users.noreply.github.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
2025-07-24 08:47:47 +01:00
Konstantin Alekseev
e454758fb6
Fix regression in unique_together validation with SerializerMethodField (#9712) 2025-06-10 12:47:28 +01:00
Tom Christie
78e97074e7
Drop HTML line breaks on long headers in browsable API (#9438)
* Drop HTML line breaks on long headers

* Remove related test

* Fix flake8

---------

Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Bruno Alla <alla.brunoo@gmail.com>
2025-04-28 04:08:48 +00:00
Josh Thomas
543996711d
Fix UniqueTogetherValidator to handle fields w/ source attr (#9688)
* Add failing test for `UniqueConstraint` validation with `source` attribute

* Fix `UniqueTogetherValidator` to handle fields with source attribute

* split inner sources logic out to tuple comprehension
2025-04-23 09:03:14 +00:00
Ülgen Sarıkavak
ea1da76196
Add pyupgrade to pre-commit hooks (#9682) 2025-04-09 06:24:18 +00:00
Bruno Alla
3c755794df
Cleanup dependencies and conditions for unsupported Python versions (#9681)
* Remove optional install backports.zoneinfo for unsupported Python versions and associated code

* Remove conditions in tests for unsupported Python versions

* Remove condition for unsupported Python versions
2025-04-08 08:29:40 +00:00
Mike Manger
73cbb9cd4a
Fix typos (#9662)
* Fix typo of 'related' in tests

* Fix typo of permission_classes in coreapi test

* Fix some minor typos in docs

* Fix typos in tests

* Fix flake8 issue
2025-03-08 15:53:15 +06:00
Konstantin Alekseev
17e95604f5
Fix unique together validator doesn't respect condition's fields (#9360) 2025-02-17 14:01:32 +06:00
Oliver Sauder
4a1d773b8f
Fixed regression that tests using format still work (#9615)
* Fixed regression that tests using format still work

Error only occurred on tests which return no content and use
a renderer without charset (e.g. JSONRenderer)

* Fixed linting

* Used early return as before

* Move ret str check back to where it was
2025-01-11 00:56:36 +06:00
Terence Honles
089f6a6974
support django 2.1 test client json data automatically serialized (#6511) 2024-12-28 16:22:21 +06:00
Bruno Alla
a8595a8eae
Fix raising on nullable fields part of UniqueConstraint (#9531)
* Add test to reproduce problem with nullable fields part of a unique constraint

Ref #9378

* Simplify test case and add similar case for unique_together

* Add test for unique together in a better place

* Default nullable fields to null in unique constraints checks

* Remove redundant test and move other to more appropriate place
2024-12-14 15:08:22 +06:00
Bruno Alla
a59aa2dfe1
Add test covering Update view without queryset attribute (#9528) 2024-09-11 15:37:33 +06:00
Bruno Alla
2ede857de0
Add official support for Django 5.1 (#9514)
* Add official support for Django 5.1

Following the supported Python versions:

https://docs.djangoproject.com/en/stable/faq/install/

* Add tests to cover compat with Django's 5.1 LoginRequiredMiddleware

* First pass to create DRF's LoginRequiredMiddleware

* Attempt to fix the tests

* Revert custom middleware implementation

* Disable LoginRequiredMiddleware on DRF views

* Document how to integrate DRF with LoginRequiredMiddleware

* Move login required tests under a separate test case

* Revert redundant change

* Disable LoginRequiredMiddleware on ViewSets

* Add some integrations tests to cover various view types
2024-09-07 17:21:18 +06:00
Bruno Alla
125ad42eb3
Accept integers as min/max values of DecimalField (#9515)
* Use Decimal for min/max values of DecimalField in tests

* Update docs to mention that min/max values should be Decimal objects

* Accept integer values for DecimalField min and max values

* Update expected error messages in tests

* Update expected warning message in tests
2024-09-07 17:07:28 +06:00
Yuekui
518eb22e67
Fix unique_together validation with source (#9482) 2024-08-05 16:36:50 +06:00
James McHugh
8e304e1adb
Fixed AttributeError raised by data property being silently ignored (#9455)
Signed-off-by: James Riley McHugh <mchugh_james@bah.com>
Co-authored-by: James Riley McHugh <mchugh_james@bah.com>
2024-07-17 22:51:39 +06:00
Devid
f74185b6dd
Fix get_template_context to handle also lists (#9467) 2024-07-15 22:03:40 +06:00
Ivan Studinsky
1e9b5c15ec
Provide tests for hashing of OperandHolder (#9437) 2024-06-15 14:00:28 +06:00
Stanislav Levin
36d5c0e74f
tests: Check urlpatterns after cleanups (#9400)
According to docs:
https://docs.python.org/3/library/unittest.html#unittest.TestCase.addClassCleanup

> Add a function to be called after tearDownClass() to cleanup resources
  used during the test class. Functions will be called in reverse order to
  the order they are added (LIFO).

This was revealed with recent change in pytest (`8.2.0`):
> pytest-dev/pytest#11728: For unittest-based tests, exceptions during
  class cleanup (as raised by functions registered with
  TestCase.addClassCleanup) are now reported instead of silently failing.

`check_urlpatterns` is called before `cleanup_url_patterns` and fails
(problem was hidden by `pytest < 8.2.0`).

`doClassCleanups` can be used instead to check after-cleanup state:

https://docs.python.org/3/library/unittest.html#unittest.TestCase.doClassCleanups

> This method is called unconditionally after tearDownClass(), or after
  setUpClass() if setUpClass() raises an exception.

  It is responsible for calling all the cleanup functions added by
  addClassCleanup(). If you need cleanup functions to be called prior to
  tearDownClass() then you can call doClassCleanups() yourself.

Fixes: https://github.com/encode/django-rest-framework/issues/9399

Signed-off-by: Stanislav Levin <slev@altlinux.org>
2024-05-07 13:05:03 +06:00
Peter Thomassen
9d4ed054bf
Don't use Windows line endings 2024-04-30 18:28:27 +02:00
Peter Thomassen
22377241a8
bump pygments (security hygiene)
Addresses https://github.com/encode/django-rest-framework/security/dependabot/9
2024-04-30 18:28:24 +02:00
Peter Thomassen
d58b8da591
Update deprecation hints 2024-04-30 18:28:23 +02:00
Peter Thomassen
d38aab39e4
Remove unused code 2024-04-30 18:28:22 +02:00
Terence Honles
e596f43c4e
use warnings rather than logging a warning for DecimalField warnings (#9367) 2024-04-27 17:15:06 +06:00
Max Muoto
7f18ec1b53
Revert "Ensure CursorPagination respects nulls in the ordering field (#8912)" (#9381)
This reverts commit b1cec517ff.
2024-04-27 17:07:05 +06:00
Asif Saif Uddin
400b4c5441
Revert "Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespac…" (#9335)
This reverts commit 71f87a5864.
2024-03-22 09:39:30 +00:00
Tom Christie
4ef3aaf0ad
Revert #9030 (#9333)
* Revert #9030

* Fix test case
2024-03-22 09:40:34 +01:00
Tom Christie
4f10c4e43e
Revert "Fix Respect can_read_model permission in DjangoModelPermissions (#8…" (#9332)
This reverts commit 0618fa88e1.
2024-03-21 22:45:12 +00:00
Asif Saif Uddin
da78a147f2
Revert "Re-prefetch related objects after updating (#8043)" (#9327)
This reverts commit 2b34aa4291.
2024-03-21 22:23:30 +00:00
Asif Saif Uddin
0e4ed81627
Revert "feat: Add some changes to ValidationError to support django style vad…" (#9326)
This reverts commit 4abfa28e08.

Co-authored-by: Tom Christie <tom@tomchristie.com>
2024-03-21 17:09:43 +01:00
Asif Saif Uddin
a677b09729
Revert "Fix validation for ListSerializer (#8979)" (#9283)
This reverts commit e2a4559c03.
2024-03-13 15:15:43 +00:00
Rodrigo
d4016d8ec1
Add Django 5.0 support (#9233)
* Update tox.ini

* Update tests for Django 5.0

* Update documentation

* Update setup.py
2024-02-28 11:52:22 +01:00
şuayip üzülmez
2ef77b1833
Use POST method instead of GET to perform logout in browsable API (#9208)
* Use POST method instead of GET to perform logout in browsable API

* Add a test that checks the presence of the logout form
2024-02-19 23:28:04 +01:00
Yuekui
41edb3b9dd
Avoid unnecessary unique together checking (#9154) 2024-01-26 11:36:18 +01:00
Christian Clauss
ab694eccde
Fix typo (#9231) 2024-01-24 23:17:01 +01:00
Christian Clauss
74689b1f44
pre-commit autoupdate (#9232) 2024-01-24 22:47:46 +01:00
Kien Dang
552a67acde
Skip coreapi tests in GenerateSchemaTests if coreapi is not installed (#9229) 2024-01-19 11:10:56 +01:00
Terence Honles
4296189283
fix dist test by moving --no-pkgroot to runtests.py (#9129)
This change fixes the dist test by moving the --no-pkgroot option from
pytest to the runtests script.

The current "filterwarnings" setting for pytest includes rest_framework,
which causes an early import of the module. As a result the current
--no-pkgroot behavior fails with an assertion error. Trying to remove
the module from sys.modules will cause the warning filter to not apply,
so this change moves this code before pytest parses the config and loads
the "filterwarnings".
2023-10-05 12:33:53 +06:00
Viicos
d32346bae5
Fix type name of FieldInfo namedtuple (#9124)
* Fix type name of `FieldInfo` namedtuple

* Add test
2023-10-04 23:03:10 +06:00
Devid
5c07060ce0
Use str as default path converter (#9066) 2023-08-16 20:11:50 +06:00
Pavel Král
a47adbcd0f
Document support for http.HTTPMethod in the @action decorator added in Python 3.11. (#9067)
* Implement tests for HTTPMethod from Python 3.11

* Update documentation to mention HTTPMethod support in @action
2023-08-15 11:50:02 +06:00
Denis Orehovsky
da9288878b
Partial serializer should not have required fields (#7563) 2023-08-13 10:36:19 +06:00
rizwanshaikh
7a9db57eaf
Propagate 'default' from model_field to serializer field. (#9030)
* Propagate 'default' from model_field to serializer field

Fix #7469.

Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>

* updated field default on serializer according to openapi generation and added that to options action response

* added notes regarding default value propagation from model to serializer field

* updated note

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

---------

Co-authored-by: John Parton <john.parton.iv@gmail.com>
Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>
Co-authored-by: Rizwan Shaikh <rshaikh@ces-ltd.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
2023-08-07 12:35:54 +06:00
Pierre Chiquet
589b5dca9e
Allow to override child.run_validation call in ListSerializer (#8035)
* Separated run_child_validation method in ListSerializer

* fix typo

* Add test_update_allow_custom_child_validation

---------

Co-authored-by: Pierre Chiquet <pierre.chiquet@ubikey.fr>
2023-07-26 10:27:49 +06:00