Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

query validation filter #481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sliverc merged 30 commits into django-json-api:master from n2ygk:JSONAPIQueryValidationFilter
Sep 19, 2018
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
7b29f36
initial integration of JSONAPIDjangoFilter
n2ygk Aug 23, 2018
dc5ca38
documentation, isort, flake8
n2ygk Aug 24, 2018
6b0dc8c
Forgot to add django_filters to installed_apps
n2ygk Aug 24, 2018
d4fbf24
backwards compatibility for py27 + django-filter
n2ygk Aug 24, 2018
d86d217
handle optional django-filter package
n2ygk Aug 24, 2018
83c4cc0
fix travis to match new TOXENVs due to django-filter
n2ygk Aug 24, 2018
f5792c1
fixed a typo
n2ygk Aug 24, 2018
cbc9d55
add a warning if django-filter is missing and JSONAPIDjangoFilter is ...
n2ygk Aug 25, 2018
2f6ba1d
JSONAPIQueryValidationFilter implementation
n2ygk Aug 27, 2018
4f2b75b
improve filter_regex
n2ygk Aug 28, 2018
48b4c51
Merge branch 'JSONAPIDjangoFilter' into JSONAPIQueryValidationFilter
n2ygk Aug 28, 2018
2742d60
rename tests from filter to param
n2ygk Aug 29, 2018
6a8d7ae
easy changes recommended by @sliverc review
n2ygk Aug 29, 2018
db9e1f9
resolve @sliverc review method of using optional django-filter.
n2ygk Aug 29, 2018
68f5e02
Merge branch 'JSONAPIDjangoFilter' into JSONAPIQueryValidationFilter
n2ygk Aug 30, 2018
f0bdbd4
Merge branch 'master' into JSONAPIQueryValidationFilter
n2ygk Sep 17, 2018
64d4af0
remove JSONAPI prefix per #471
n2ygk Sep 17, 2018
23616a2
inadvertently removed when merging master
n2ygk Sep 17, 2018
2c476d9
add QueryValidation filter to NonPaginatedEntryViewset to avoid break...
n2ygk Sep 17, 2018
9b5ab9d
flake8
n2ygk Sep 17, 2018
dbd3d32
100% test coverage for QueryParamaterValidationFilter
n2ygk Sep 17, 2018
11aaf06
move QueryValidationFilter earlier and document how to extend query_r...
n2ygk Sep 17, 2018
57e95cc
QueryValidationFilter to README
n2ygk Sep 17, 2018
a22ca21
py2.7 fix for a non-ASCII quotation mark
n2ygk Sep 17, 2018
0252096
ugh I added back this junk file by mistake again
n2ygk Sep 17, 2018
9e715fa
Change "invalid filter" to "invalid query parameter" for malformed fi...
n2ygk Sep 18, 2018
af10543
renamed to QueryParameterValidationFilter to be clear that this is qu...
n2ygk Sep 18, 2018
c928d72
clearer language
n2ygk Sep 18, 2018
6e008ad
flake8 line length after renaming the class
n2ygk Sep 18, 2018
eed8133
Merge branch 'master' into JSONAPIQueryValidationFilter
sliverc Sep 19, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
remove JSONAPI prefix per #471
  • Loading branch information
n2ygk committed Sep 17, 2018
commit 64d4af084656ea3fca3fda8fda061e122532b23e
6 changes: 3 additions & 3 deletions docs/usage.md
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -177,8 +177,8 @@ for `GET http://127.0.0.1:8000/nopage-entries?filter[bad]=1`:
}
```

#### `JSONAPIQueryValidationFilter`
`JSONAPIQueryValidationFilter` validates query parameters to be one of the defined JSON:API query parameters
#### `QueryValidationFilter`
`QueryValidationFilter` validates query parameters to be one of the defined JSON:API query parameters
(sort, include, filter, fields, page) and returns a `400 Bad Request`. If a non-matching query parameter
is used. This can help the client identify misspelled query parameters, for example.

Expand Down Expand Up @@ -216,7 +216,7 @@ from models import MyModel
class MyViewset(ModelViewSet):
queryset = MyModel.objects.all()
serializer_class = MyModelSerializer
filter_backends = (filters.JSONAPIQueryValidationFilter, filters.OrderingFilter,
filter_backends = (filters.QueryValidationFilter, filters.OrderingFilter,
django_filters.DjangoFilterBackend,)
filterset_fields = {
'id': ('exact', 'lt', 'gt', 'gte', 'lte', 'in'),
Expand Down
2 changes: 1 addition & 1 deletion example/tests/test_filters.py
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ def test_filter_invalid_association_name(self):
def test_filter_empty_association_name(self):
"""
test for filter with missing association name
error texts are different depending on whether JSONAPIQueryValidationFilter is in use.
error texts are different depending on whether QueryValidationFilter is in use.
TODO: Just change the "invalid filter" to "invalid query parameter" in JSONAPIDjangoFilter?
"""
response = self.client.get(self.url, data={'filter[]': 'foobar'})
Expand Down
2 changes: 1 addition & 1 deletion rest_framework_json_api/filters/__init__.py
View file Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
from .sort import OrderingFilter # noqa: F401
from .queryvalidation import JSONAPIQueryValidationFilter # noqa: F401
from .queryvalidation import QueryValidationFilter # noqa: F401
2 changes: 1 addition & 1 deletion rest_framework_json_api/filters/filter.py
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ class JSONAPIDjangoFilter(DjangoFilterBackend):
search_param = api_settings.SEARCH_PARAM

# Make this regex check for 'filter' as well as 'filter[...]'
# Leave other incorrect usages of 'filter' to JSONAPIQueryValidationFilter.
# Leave other incorrect usages of 'filter' to QueryValidationFilter.
# See http://jsonapi.org/format/#document-member-names for allowed characters
# and http://jsonapi.org/format/#document-member-names-reserved-characters for reserved
# characters (for use in paths, lists or as delimiters).
Expand Down
10 changes: 5 additions & 5 deletions rest_framework_json_api/filters/queryvalidation.py
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
from rest_framework.filters import BaseFilterBackend


class JSONAPIQueryValidationFilter(BaseFilterBackend):
class QueryValidationFilter(BaseFilterBackend):
"""
A backend filter that performs strict validation of query parameters for
jsonapi spec conformance and raises a 400 error if non-conforming usage is
Expand All @@ -15,18 +15,18 @@ class JSONAPIQueryValidationFilter(BaseFilterBackend):
requirement that they MUST contain contain at least one non a-z character (U+0061 to U+007A).
It is RECOMMENDED that a U+002D HYPHEN-MINUS, "-", U+005F LOW LINE, "_", or capital letter is
used (e.g. camelCasing)." -- http://jsonapi.org/format/#query-parameters

TODO: For jsonapi error object conformance, must set jsonapi errors
"parameter" for the ValidationError. This requires extending DRF/DJA Exceptions.
"""
# sort and include stand alone; filter, fields, page have []'s
#: compiled regex that matches the allowed http://jsonapi.org/format/#query-parameters
#: `sort` and `include` stand alone; `filter`, `fields`, and `page` have []'s
query_regex = re.compile(r'^(sort|include)$|^(filter|fields|page)(\[[\w\.\-]+\])?$')

def validate_query_params(self, request):
"""
Validate that query params are in the list of valid query keywords
Raises ValidationError if not.
"""
# TODO: For jsonapi error object conformance, must set jsonapi errors "parameter" for
# the ValidationError. This requires extending DRF/DJA Exceptions.
for qp in request.query_params.keys():
if not self.query_regex.match(qp):
raise ValidationError('invalid query parameter: {}'.format(qp))
Expand Down

AltStyle によって変換されたページ (->オリジナル) /