Merge pull request #1499 from python-discord/dependabot/pip/djangorestframework-3.16.0

Bump djangorestframework from 3.14.0 to 3.16.0

Author: jchristgit

poetry.lock

@@ -60,4 +60,7 @@ def test_returns_404_for_non_existing_data(self):
 
         response = self.client.get(url)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {"detail": "Not found."})
+        self.assertEqual(
+            response.json(),
+            {"detail": "No BumpedThread matches the given query."},
+        )

pydis_site/apps/api/tests/test_bumped_threads.py

@@ -210,8 +210,15 @@ def test_fetch_non_existing(self) -> None:
                 sequence.model.objects.all().delete()
 
                 response = self.client.get(f"{sequence.url()}/42")
+                if "filter-lists" in sequence.url():
+                    kind = "FilterList"
+                else:
+                    kind = "Filter"
                 self.assertEqual(response.status_code, 404)
-                self.assertDictEqual(response.json(), {'detail': 'Not found.'})
+                self.assertDictEqual(
+                    response.json(),
+                    {'detail': f"No {kind} matches the given query."},
+                )
 
     def test_creation(self) -> None:
         for name, sequence in get_test_sequences().items():

pydis_site/apps/api/tests/test_filters.py

@@ -329,7 +329,7 @@ def test_partial_update(self):
 
     def test_partial_update_returns_400_for_frozen_field(self):
         url = reverse('api:bot:infraction-detail', args=(self.ban_hidden.id,))
-        data = {'user': 6}
+        data = {'user': 6, 'active': True}
 
         response = self.client.patch(url, data=data)
         self.assertEqual(response.status_code, 400)
@@ -559,7 +559,7 @@ def test_returns_400_for_second_active_infraction_of_the_same_type(self):
                     second_response.json(),
                     {
                         'non_field_errors': [
-                            'This user already has an active infraction of this type.'
+                            'The fields user, type must make a unique set.'
                         ]
                     }
                 )
@@ -824,7 +824,7 @@ def test_is_valid_if_active_infraction_with_same_fields_exists(self):
         self.create_infraction('ban', active=True)
         instance = self.create_infraction('ban', active=False)
 
-        data = {'reason': 'hello'}
+        data = {'reason': 'hello', 'active': True}
         serializer = InfractionSerializer(instance, data=data, partial=True)
 
         self.assertTrue(serializer.is_valid(), msg=serializer.errors)

pydis_site/apps/api/tests/test_infractions.py

@@ -379,7 +379,7 @@ def test_returns_404_on_get_unknown_nomination(self):
         response = self.client.get(url, data={})
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json(), {
-            "detail": "Not found."
+            "detail": "No Nomination matches the given query."
         })
 
     def test_returns_404_on_patch_unknown_nomination(self):
@@ -391,7 +391,7 @@ def test_returns_404_on_patch_unknown_nomination(self):
         response = self.client.patch(url, data={})
         self.assertEqual(response.status_code, 404)
         self.assertEqual(response.json(), {
-            "detail": "Not found."
+            "detail": "No Nomination matches the given query."
         })
 
     def test_returns_405_on_list_put(self):

pydis_site/apps/api/tests/test_nominations.py

@@ -208,4 +208,7 @@ def test_role_detail_404_all_methods(self):
         for method in ('get', 'put', 'patch', 'delete'):
             response = getattr(self.client, method)(url)
             self.assertEqual(response.status_code, 404)
-            self.assertJSONEqual(response.content, '{"detail": "Not found."}')
+            self.assertJSONEqual(
+                response.content,
+                '{"detail": "No Role matches the given query."}',
+            )

pydis_site/apps/api/tests/test_roles.py

@@ -746,7 +746,7 @@ def verify_adding_existing_alt(self, add_on_source: bool) -> None:
         response = self.client.post(repeated_url, repeated_data)
         self.assertEqual(response.status_code, 400)
         self.assertEqual(response.json(), {
-            'source': ["This relationship has already been established"]
+            'non_field_errors': ["The fields source, target must make a unique set."]
         })
 
     def test_removing_existing_alt_source_from_target(self) -> None:

pydis_site/apps/api/tests/test_users.py

@@ -28,9 +28,11 @@
 
 # https://www.django-rest-framework.org/api-guide/routers/#defaultrouter
 bot_router = DefaultRouter(trailing_slash=False)
+# XXX: We should probably figure out why we have this registered twice.
 bot_router.register(
     'filter/filter_lists',
-    FilterListViewSet
+    FilterListViewSet,
+    basename="filter-filterlists-list",
 )
 bot_router.register(
     "aoc-account-links",
@@ -62,7 +64,7 @@
 )
 bot_router.register(
     'filter-lists',
-    FilterListViewSet
+    FilterListViewSet,
 )
 bot_router.register(
     'infractions',

pydis_site/apps/api/urls.py

@@ -284,7 +284,12 @@ def create(self, request: HttpRequest, *args, **kwargs) -> Response:
         """
         try:
             return super().create(request, *args, **kwargs)
-        except IntegrityError as err:
+        except IntegrityError as err:  # pragma: no cover - see below
+            # Not covered: DRF handles this via `UniqueTogetherValidator` these
+            # days, which means it's hard to test this branch specifically.
+            # However, in a productive deployment, it's still very much
+            # possible for two concurrent inserts to run into IntegrityError.
+
             # We need to use `__cause__` here, as Django reraises the internal
             # UniqueViolation emitted by psycopg2 (which contains the attribute
             # that we actually need)

pydis_site/apps/api/viewsets/bot/infraction.py

@@ -395,7 +395,14 @@ def add_alt(self, request: Request, pk: str) -> Response:
                     raise ParseError(detail={
                         "source": ["The user may not be an alternate account of itself"]
                     })
-                if err.__cause__.diag.constraint_name == 'api_useraltrelationship_unique_relationships':
+                if (
+                    err.__cause__.diag.constraint_name == 'api_useraltrelationship_unique_relationships'
+                ):  # pragma: no cover - see below
+                    # This is not covered because newer DRF versions automatically validate this,
+                    # however the validation is done via a SELECT query which may race concurrent
+                    # inserts in prod. The only correct way is e.g. what Ecto does which is
+                    # associating the validators to the unique constraint errors to match in
+                    # errors, anything else may race.
                     raise ParseError(detail={
                         "source": ["This relationship has already been established"]
                     })

pydis_site/apps/api/viewsets/bot/user.py

@@ -15,7 +15,7 @@ django-environ = "0.11.2"
 django-filter = "25.1"
 django-prometheus = "2.3.1"
 django-simple-bulma = "2.6.0"
-djangorestframework = "3.14.0"
+djangorestframework = "3.16.0"
 gunicorn = "23.0.0"
 httpx = "0.28.1"
 markdown = "3.7"