Commit Graph

4845 Commits

Author SHA1 Message Date
Danilo Bargen
b187f53453 Changed return status for CSRF failures to HTTP 403
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
Tom Christie
5d80f7f932 allow_blank, allow_null 2014-09-22 17:46:02 +01:00
Tom Christie
5a95baf2a2 Tests & tweaks for ChoiceField 2014-09-22 16:52:57 +01:00
Tom Christie
b5454dd022 Tests and tweaks for choice fields 2014-09-22 16:50:04 +01:00
Tom Christie
e5f0a97595 More compat fixes 2014-09-22 16:45:06 +01:00
Tom Christie
5586b6581d Support format=None for date/time fields 2014-09-22 16:02:59 +01:00
Tom Christie
4db23cae21 Tweaks to DecimalField 2014-09-22 15:34:06 +01:00
Tom Christie
249253a144 Fix compat issues 2014-09-22 14:54:33 +01:00
Tom Christie
c54f394904 Ensure 'messages' in fields are respected in preference to default validator messages 2014-09-22 13:57:45 +01:00
Tom Christie
afb3f8ab0a Tests and tweaks for text fields 2014-09-22 13:26:47 +01:00
Tom Christie
af46fd6b00 Field tests and associated cleanup 2014-09-22 12:25:57 +01:00
Tom Christie
cf72b9a8b7 Moar tests 2014-09-19 16:43:13 +01:00
Tom Christie
b361c54c5c Test rejigging 2014-09-19 15:46:32 +01:00
Tom Christie
c0150e619c Add BaseSerializer heading 2014-09-19 14:59:59 +01:00
Tom Christie
8495cd898a Drop 'No major point releases are currently planned.', cos they are. 2014-09-19 14:31:28 +01:00
Tom Christie
20424251a3 Version 2.4.3 2014-09-19 14:26:28 +01:00
Tom Christie
88008c0a68 Merge branch 'master' into version-3.0 2014-09-19 14:05:50 +01:00
Tom Christie
6d73b5969a Initial release notes 2014-09-19 14:02:17 +01:00
Tom Christie
12ccb0fe8a Test tweaking 2014-09-19 09:09:26 +01:00
Tom Christie
1e9ea377e3 Merge pull request #1887 from pipermerriam/piper/decorate_as_view_response_from_viewsets
Fix missing CSRF exemption on viewsets
2014-09-18 19:13:47 +01:00
Tom Christie
ddbd3cb659 Merge pull request #1882 from mattjmorrison/patch-2
Clarify "raised inside REST framework"
2014-09-18 18:11:26 +01:00
Piper Merriam
7f758d1cf6 Fix missing CSRF exemption on viewsets 2014-09-18 10:30:13 -06:00
Tom Christie
f90049316a Added a model update integration test 2014-09-18 15:47:27 +01:00
Tom Christie
106362b437 ModelSerializer.create() to handle many to many by default 2014-09-18 14:58:08 +01:00
Tom Christie
9fdb2280d1 First pass on ManyRelation 2014-09-18 14:23:00 +01:00
Tom Christie
3bc628edc0 Test for custom fields 2014-09-18 13:07:38 +01:00
Tom Christie
87734be5f4 Configuration correctness tests on ModelSerializer 2014-09-18 12:17:21 +01:00
Tom Christie
5b7e4af0d6 get_base_field() refactor 2014-09-18 11:20:56 +01:00
Matthew J Morrison
764366b2e1 Fixed code formatting 2014-09-17 11:29:15 -05:00
Tom Christie
8c8d355e76 Update routers.py 2014-09-17 15:51:17 +01:00
Tom Christie
3376c37861 Merge pull request #1865 from mskrajnowski/default-router-listless-viewset
DefaultRouter support for viewsets without an implemented default action
2014-09-17 15:50:12 +01:00
Tom Christie
543c6c8e35 Merge pull request #1883 from jpadilla/master
Update authtoken latest Django 1.7 migration
2014-09-17 15:49:27 +01:00
José Padilla
de5fbf7d63 Update initial migration to work on Python 3 2014-09-17 10:23:53 -04:00
Tom Christie
c0155fd9dc Update comments 2014-09-17 14:11:53 +01:00
José Padilla
a37db382c6 Update authtoken latest Django 1.7 migration 2014-09-17 09:01:49 -04:00
Matthew J Morrison
e5af0bbb35 Clarify "raised inside REST framework"
I ran into an issue today where I was not seeing the rest_framework.views.exception_handler do what I thought it should be doing. It turned out that I had imported View from rest_framework.views rather than importing APIView from rest_framework.views. The phrase "raised inside REST framework" was confusing as I was debugging this issue. I was unsure if that meant that I could raise those exceptions in my code or if it had to originate from within framework code.

I'm not sure if the proposed wording is ideal, I just wanted to point out what I found to be confusing.
2014-09-17 07:49:54 -05:00
Tom Christie
92fb08bc6d Merge pull request #1874 from sheppard/patch-3
add wq.db router and django-rest-pandas renderers
2014-09-16 09:08:07 +01:00
S. Andrew Sheppard
3725a1e77d add wq.db router and django-rest-pandas renderers 2014-09-15 14:46:09 -05:00
Tom Christie
4ddc661b01 Tests for through relationships 2014-09-15 14:05:58 +01:00
Tom Christie
d196608d5a Fix nested model serializer base class 2014-09-15 13:55:09 +01:00
Tom Christie
0c15b97b33 Tests for reverse relationships 2014-09-15 13:48:03 +01:00
Tom Christie
c1e2a9cba6 Clean up field mapping tests 2014-09-15 13:38:28 +01:00
Tom Christie
3cf7ed10d2 Fix erronous import 2014-09-15 13:10:58 +01:00
Tom Christie
40dc588a37 Drop label from serializer fields when not needed 2014-09-15 09:50:51 +01:00
Tom Christie
cefeb23b25 Merge pull request #1871 from jpadilla/third-party-docs
Add Third Party Resources Topic section
2014-09-14 16:52:53 +01:00
José Padilla
915dfb9b3d Update third-party-resources.md 2014-09-14 10:19:54 -04:00
José Padilla
4871dbdc73 Add invitation to add new content 2014-09-13 16:20:37 -04:00
José Padilla
1390b6801e Include third party resources link in home page 2014-09-13 16:20:16 -04:00
José Padilla
96c21b81f5 Add Third Party Resources Topic section 2014-09-13 13:53:40 -04:00
Tom Christie
afb28a44ad Dealing with reverse relationships 2014-09-12 21:32:20 +01:00