authorXavier Ordoquy2014-04-13 00:05:57 +0200
committerXavier Ordoquy2014-04-13 00:05:57 +0200
commitd08536ad9d026fb7126c430f6d9c18f8540aacd6 (patch)
treea8a1d36ce76867e57da23379694ea0609801990b /rest_framework/tests/test_authentication.py
parent2911cd64ad67ba193e3d37322ee71692cb482623 (diff)
parent93b9245b8714287a440023451ff7880a2f6e5b32 (diff)
downloaddjango-rest-framework-d08536ad9d026fb7126c430f6d9c18f8540aacd6.tar.bz2
Merge remote-tracking branch 'origin/master' into 2.4.0
Conflicts: .travis.yml docs/api-guide/fields.md docs/api-guide/routers.md docs/topics/release-notes.md rest_framework/authentication.py rest_framework/serializers.py rest_framework/templatetags/rest_framework.py rest_framework/tests/test_authentication.py rest_framework/tests/test_filters.py rest_framework/tests/test_hyperlinkedserializers.py rest_framework/tests/test_serializer.py rest_framework/tests/test_testing.py rest_framework/utils/encoders.py tox.ini
Diffstat (limited to 'rest_framework/tests/test_authentication.py')
-rw-r--r--rest_framework/tests/test_authentication.py34
1 files changed, 30 insertions, 4 deletions
diff --git a/rest_framework/tests/test_authentication.py b/rest_framework/tests/test_authentication.py
index fb0bc694..6c14debb 100644
--- a/rest_framework/tests/test_authentication.py
+++ b/rest_framework/tests/test_authentication.py
@@ -4,6 +4,7 @@ from django.contrib.auth.models import User
from django.http import HttpResponse
from django.test import TestCase
from django.utils import unittest
+from django.utils.http import urlencode
from rest_framework import HTTP_HEADER_ENCODING
from rest_framework import exceptions
from rest_framework import permissions
@@ -19,7 +20,7 @@ from rest_framework.authentication import (
OAuth2Authentication
)
from rest_framework.authtoken.models import Token
-from rest_framework.compat import oauth2_provider, oauth2_provider_models, oauth2_provider_scope
+from rest_framework.compat import oauth2_provider, oauth2_provider_scope
from rest_framework.compat import oauth, oauth_provider
from rest_framework.test import APIRequestFactory, APIClient
from rest_framework.views import APIView
@@ -53,10 +54,14 @@ urlpatterns = patterns('',
permission_classes=[permissions.TokenHasReadWriteScope]))
)
+class OAuth2AuthenticationDebug(OAuth2Authentication):
+ allow_query_params_token = True
+
if oauth2_provider is not None:
urlpatterns += patterns('',
url(r'^oauth2/', include('provider.oauth2.urls', namespace='oauth2')),
url(r'^oauth2-test/$', MockView.as_view(authentication_classes=[OAuth2Authentication])),
+ url(r'^oauth2-test-debug/$', MockView.as_view(authentication_classes=[OAuth2AuthenticationDebug])),
url(r'^oauth2-with-scope-test/$', MockView.as_view(authentication_classes=[OAuth2Authentication],
permission_classes=[permissions.TokenHasReadWriteScope])),
)
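Review bot: The added `OAuth2AuthenticationDebug` class has no docstring, and its name implies a tie to `settings.DEBUG` that nothing in this hunk establishes; all it does is set `allow_query_params_token = True`. Presumably that flag lets the access token be read from the URL query string, where a bearer credential ends up in access logs, browser history and Referer headers. The class should say it is a test fixture for that opt-in path and not a pattern to copy. I would add a docstring such as `"""Test-only subclass that opts in to reading access_token from the query string."""` and consider a name that describes the behaviour, e.g. `OAuth2AuthenticationQueryToken`. The `urlpatterns` definition starts outside the hunk.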
@@ -488,7 +493,7 @@ class OAuth2Tests(TestCase):
self.ACCESS_TOKEN = "access_token"
self.REFRESH_TOKEN = "refresh_token"
- self.oauth2_client = oauth2_provider_models.Client.objects.create(
+ self.oauth2_client = oauth2_provider.oauth2.models.Client.objects.create(
client_id=self.CLIENT_ID,
client_secret=self.CLIENT_SECRET,
redirect_uri='',
@@ -497,12 +502,12 @@ class OAuth2Tests(TestCase):
user=None,
)
- self.access_token = oauth2_provider_models.AccessToken.objects.create(
+ self.access_token = oauth2_provider.oauth2.models.AccessToken.objects.create(
token=self.ACCESS_TOKEN,
client=self.oauth2_client,
user=self.user,
)
- self.refresh_token = oauth2_provider_models.RefreshToken.objects.create(
+ self.refresh_token = oauth2_provider.oauth2.models.RefreshToken.objects.create(
user=self.user,
access_token=self.access_token,
client=self.oauth2_client
@@ -546,6 +551,27 @@ class OAuth2Tests(TestCase):
self.assertEqual(response.status_code, 200)
@unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
+ def test_post_form_passing_auth_url_transport(self):
+ """Ensure GETing form over OAuth with correct client credentials in form data succeed"""
+ response = self.csrf_client.post('/oauth2-test/',
+ data={'access_token': self.access_token.token})
+ self.assertEqual(response.status_code, 200)
+
+ @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
+ def test_get_form_passing_auth_url_transport(self):
+ """Ensure GETing form over OAuth with correct client credentials in query succeed when DEBUG is True"""
+ query = urlencode({'access_token': self.access_token.token})
+ response = self.csrf_client.get('/oauth2-test-debug/?%s' % query)
+ self.assertEqual(response.status_code, 200)
+
+ @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
+ def test_get_form_failing_auth_url_transport(self):
+ """Ensure GETing form over OAuth with correct client credentials in query fails when DEBUG is False"""
+ query = urlencode({'access_token': self.access_token.token})
+ response = self.csrf_client.get('/oauth2-test/?%s' % query)
+ self.assertIn(response.status_code, (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN))
+
+ @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
def test_post_form_passing_auth(self):
"""Ensure POSTing form over OAuth with correct credentials passes and does not require CSRF"""
auth = self._create_authorization_header()
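Review bot: The docstrings on the three added tests do not match what the tests do. `test_post_form_passing_auth_url_transport` sends a POST with the token in form data but says "GETing form", and the two GET tests say "when DEBUG is True/False" although neither touches settings; they differ only in the route, `/oauth2-test-debug/` versus `/oauth2-test/`. Because these tests pin where a bearer token is accepted, I would reword them to `"""POST with the access token in form data is accepted"""`, `"""GET with the token in the query string is accepted when the authentication class opts in"""` and `"""GET with the token in the query string is rejected by the default OAuth2Authentication"""`. A further case showing that `/oauth2-test-debug/` still rejects an unknown token in the query string would confirm the opt-in changes only the transport, not the validation. `status` is used in the last added test without an import visible in these hunks, and `OAuth2Tests` begins outside the hunk.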