Merge remote-tracking branch 'reference/2.4.0' into feature/pytest

Conflicts: rest_framework/runtests/urls.py tests/test_response.py tox.ini

Merge remote-tracking branch 'reference/2.4.0' into feature/pytest
Conflicts: rest_framework/runtests/urls.py tests/test_response.py tox.ini
7b4463f7 · Xavier Ordoquy · 2aca69a9 · c9e6f311 · 7b4463f7 · 7b4463f7
Commit 7b4463f7 authored May 01, 2014 by Xavier Ordoquy
47 changed files
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,7 +11,6 @@ env:
  - DJANGO="django==1.6.3"
  - DJANGO="django==1.5.6"
  - DJANGO="django==1.4.11"
-  - DJANGO="django==1.3.7"
 install:
  - pip install $DJANGO
@@ -36,10 +35,5 @@ matrix:
      env: DJANGO="https://www.djangoproject.com/download/1.7b2/tarball/"
    - python: "3.2"
      env: DJANGO="django==1.4.11"
-    - python: "3.2"
-      env: DJANGO="django==1.3.7"
    - python: "3.3"
      env: DJANGO="django==1.4.11"
-    - python: "3.3"
-      env: DJANGO="django==1.3.7"
--- a/docs/api-guide/fields.md
+++ b/docs/api-guide/fields.md
@@ -164,11 +164,12 @@ Corresponds to `django.db.models.fields.BooleanField`.
 ## CharField
 A text representation, optionally validates the text to be shorter than `max_length` and longer than `min_length`.
+If `allow_none` is `False` (default), `None` values will be converted to an empty string.
 Corresponds to `django.db.models.fields.CharField`
 or `django.db.models.fields.TextField`.
-**Signature:** `CharField(max_length=None, min_length=None)`
+**Signature:** `CharField(max_length=None, min_length=None, allow_none=False)`
 ## URLField

--- a/docs/api-guide/routers.md
+++ b/docs/api-guide/routers.md
@@ -51,36 +51,41 @@ This means you'll need to explicitly set the `base_name` argument when registeri
 ### Extra link and actions
-Any methods on the viewset decorated with `@link` or `@action` will also be routed.
+Any methods on the viewset decorated with `@detail_route` or `@list_route` will also be routed.
 For example, given a method like this on the `UserViewSet` class:
-	from myapp.permissions import IsAdminOrIsSelf
+    from myapp.permissions import IsAdminOrIsSelf
-    from rest_framework.decorators import action
+    from rest_framework.decorators import detail_route
-    @action(permission_classes=[IsAdminOrIsSelf])
+    class UserViewSet(ModelViewSet):
-    def set_password(self, request, pk=None):
        ...
+        @detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
+        def set_password(self, request, pk=None):
+            ...
 The following URL pattern would additionally be generated:
 * URL pattern: `^users/{pk}/set_password/$`  Name: `'user-set-password'`
+For more information see the viewset documentation on [marking extra actions for routing][route-decorators].
 # API Guide
 ## SimpleRouter
-This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions.  The viewset can also mark additional methods to be routed, using the `@link` or `@action` decorators.
+This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions.  The viewset can also mark additional methods to be routed, using the `@detail_route` or `@list_route` decorators.
 <table border=1>
    <tr><th>URL Style</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
    <tr><td rowspan=2>{prefix}/</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
    <tr><td>POST</td><td>create</td></tr>
+    <tr><td>{prefix}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
    <tr><td rowspan=4>{prefix}/{lookup}/</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
    <tr><td>PUT</td><td>update</td></tr>
    <tr><td>PATCH</td><td>partial_update</td></tr>
    <tr><td>DELETE</td><td>destroy</td></tr>
-    <tr><td rowspan=2>{prefix}/{lookup}/{methodname}/</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
+    <tr><td>{prefix}/{lookup}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
-    <tr><td>POST</td><td>@action decorated method</td></tr>
 </table>
 By default the URLs created by `SimpleRouter` are appended with a trailing slash.
@@ -90,6 +95,12 @@ This behavior can be modified by setting the `trailing_slash` argument to `False
 Trailing slashes are conventional in Django, but are not used by default in some other frameworks such as Rails.  Which style you choose to use is largely a matter of preference, although some javascript frameworks may expect a particular routing style.
+The router will match lookup values containing any characters except slashes and period characters.  For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset.  For example, you can limit the lookup to valid UUIDs:
+    class MyModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet):
+        lookup_field = 'my_model_id'
+        lookup_value_regex = '[0-9a-f]{32}'
 ## DefaultRouter
 This router is similar to `SimpleRouter` as above, but additionally includes a default API root view, that returns a response containing hyperlinks to all the list views.  It also generates routes for optional `.json` style format suffixes.
@@ -99,12 +110,12 @@ This router is similar to `SimpleRouter` as above, but additionally includes a d
    <tr><td>[.format]</td><td>GET</td><td>automatically generated root view</td><td>api-root</td></tr></tr>
    <tr><td rowspan=2>{prefix}/[.format]</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
    <tr><td>POST</td><td>create</td></tr>
+    <tr><td>{prefix}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
    <tr><td rowspan=4>{prefix}/{lookup}/[.format]</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
    <tr><td>PUT</td><td>update</td></tr>
    <tr><td>PATCH</td><td>partial_update</td></tr>
    <tr><td>DELETE</td><td>destroy</td></tr>
-    <tr><td rowspan=2>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
+    <tr><td>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
-    <tr><td>POST</td><td>@action decorated method</td></tr>
 </table>
 As with `SimpleRouter` the trailing slashes on the URL routes can be removed by setting the `trailing_slash` argument to `False` when instantiating the router.
@@ -133,28 +144,87 @@ The arguments to the `Route` named tuple are:
 **initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view.  Note that the `suffix` argument is reserved for identifying the viewset type, used when generating the view name and breadcrumb links.
+## Customizing dynamic routes
+You can also customize how the `@list_route` and `@detail_route` decorators are routed.
+To route either or both of these decorators, include a `DynamicListRoute` and/or `DynamicDetailRoute` named tuple in the `.routes` list.
+The arguments to `DynamicListRoute` and `DynamicDetailRoute` are:
+**url**: A string representing the URL to be routed. May include the same format strings as `Route`, and additionally accepts the `{methodname}` and `{methodnamehyphen}` format strings.
+**name**: The name of the URL as used in `reverse` calls. May include the following format strings: `{basename}`, `{methodname}` and `{methodnamehyphen}`.
+**initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view.
 ## Example
 The following example will only route to the `list` and `retrieve` actions, and does not use the trailing slash convention.
-    from rest_framework.routers import Route, SimpleRouter
+    from rest_framework.routers import Route, DynamicDetailRoute, SimpleRouter
-    class ReadOnlyRouter(SimpleRouter):
+    class CustomReadOnlyRouter(SimpleRouter):
        """
        A router for read-only APIs, which doesn't use trailing slashes.
        """
        routes = [
-            Route(url=r'^{prefix}$',
+            Route(
-                  mapping={'get': 'list'},
+            	url=r'^{prefix}$',
-                  name='{basename}-list',
+            	mapping={'get': 'list'},
-                  initkwargs={'suffix': 'List'}),
+            	name='{basename}-list',
-            Route(url=r'^{prefix}/{lookup}$',
+            	initkwargs={'suffix': 'List'}
-                  mapping={'get': 'retrieve'},
+            ),
-                  name='{basename}-detail',
+            Route(
-                  initkwargs={'suffix': 'Detail'})
+            	url=r'^{prefix}/{lookup}$',
+               mapping={'get': 'retrieve'},
+               name='{basename}-detail',
+               initkwargs={'suffix': 'Detail'}
+            ),
+            DynamicDetailRoute(
+            	url=r'^{prefix}/{lookup}/{methodnamehyphen}$',
+            	name='{basename}-{methodnamehyphen}',
+            	initkwargs={}
+        	)
        ]
-The `SimpleRouter` class provides another example of setting the `.routes` attribute.
+Let's take a look at the routes our `CustomReadOnlyRouter` would generate for a simple viewset.
+`views.py`:
+    class UserViewSet(viewsets.ReadOnlyModelViewSet):
+        """
+        A viewset that provides the standard actions
+        """
+        queryset = User.objects.all()
+        serializer_class = UserSerializer
+        lookup_field = 'username'
+        @detail_route()
+        def group_names(self, request):
+            """
+            Returns a list of all the group names that the given
+            user belongs to.
+            """
+            user = self.get_object()
+            groups = user.groups.all()
+            return Response([group.name for group in groups])
+`urls.py`:
+    router = CustomReadOnlyRouter()
+    router.register('users', UserViewSet)
+	urlpatterns = router.urls
+The following mappings would be generated...
+<table border=1>
+    <tr><th>URL</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
+    <tr><td>/users</td><td>GET</td><td>list</td><td>user-list</td></tr>
+    <tr><td>/users/{username}</td><td>GET</td><td>retrieve</td><td>user-detail</td></tr>
+    <tr><td>/users/{username}/group-names</td><td>GET</td><td>group_names</td><td>user-group-names</td></tr>
+</table>
+For another example of setting the `.routes` attribute, see the source code for the `SimpleRouter` class.
 ## Advanced custom routers
@@ -180,6 +250,7 @@ The [wq.db package][wq.db] provides an advanced [Router][wq.db-router] class (an
    app.router.register_model(MyModel)
 [cite]: http://guides.rubyonrails.org/routing.html
+[route-decorators]: viewsets.html#marking-extra-actions-for-routing
 [drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
 [wq.db]: http://wq.io/wq.db
 [wq.db-router]: http://wq.io/docs/app.py
--- a/docs/api-guide/settings.md
+++ b/docs/api-guide/settings.md
@@ -377,5 +377,11 @@ The name of a parameter in the URL conf that may be used to provide a format suf
 Default: `'format'`
+#### NUM_PROXIES
+An integer of 0 or more, that may be used to specify the number of application proxies that the API runs behind.  This allows throttling to more accurately identify client IP addresses.  If set to `None` then less strict IP matching will be used by the throttle classes.
+Default: `None`
 [cite]: http://www.python.org/dev/peps/pep-0020/
 [strftime]: http://docs.python.org/2/library/time.html#time.strftime
--- a/docs/api-guide/throttling.md
+++ b/docs/api-guide/throttling.md
@@ -35,7 +35,7 @@ The default throttling policy may be set globally, using the `DEFAULT_THROTTLE_C
        'DEFAULT_THROTTLE_RATES': {
            'anon': '100/day',
            'user': '1000/day'
-        }        
+        }
    }
 The rate descriptions used in `DEFAULT_THROTTLE_RATES` may include `second`, `minute`, `hour` or `day` as the throttle period.
@@ -66,6 +66,16 @@ Or, if you're using the `@api_view` decorator with function based views.
        }
        return Response(content)
+## How clients are identified
+The `X-Forwarded-For` and `Remote-Addr` HTTP headers are used to uniquely identify client IP addresses for throttling.  If the `X-Forwarded-For` header is present then it will be used, otherwise the value of the `Remote-Addr` header will be used.
+If you need to strictly identify unique client IP addresses, you'll need to first configure the number of application proxies that the API runs behind by setting the `NUM_PROXIES` setting.  This setting should be an integer of zero or more.  If set to non-zero then the client IP will be identified as being the last IP address in the `X-Forwarded-For` header, once any application proxy IP addresses have first been excluded.  If set to zero, then the `Remote-Addr` header will always be used as the identifying IP address.
+It is important to understand that if you configure the `NUM_PROXIES` setting, then all clients behind a unique [NAT'd](http://en.wikipedia.org/wiki/Network_address_translation) gateway will be treated as a single client.
+Further context on how the `X-Forwarded-For` header works, and identifing a remote client IP can be [found here][identifing-clients].
 ## Setting up the cache
 The throttle classes provided by REST framework use Django's cache backend.  You should make sure that you've set appropriate [cache settings][cache-setting].  The default value of `LocMemCache` backend should be okay for simple setups.  See Django's [cache documentation][cache-docs] for more details.
@@ -178,5 +188,6 @@ The following is an example of a rate throttle, that will randomly throttle 1 in
 [cite]: https://dev.twitter.com/docs/error-codes-responses
 [permissions]: permissions.md
+[identifing-clients]: http://oxpedia.org/wiki/index.php?title=AppSuite:Grizzly#Multiple_Proxies_in_front_of_the_cluster
 [cache-setting]: https://docs.djangoproject.com/en/dev/ref/settings/#caches
 [cache-docs]: https://docs.djangoproject.com/en/dev/topics/cache/#setting-up-the-cache
--- a/docs/api-guide/viewsets.md
+++ b/docs/api-guide/viewsets.md
@@ -70,7 +70,7 @@ There are two main advantages of using a `ViewSet` class over using a `View` cla
 Both of these come with a trade-off.  Using regular views and URL confs is more explicit and gives you more control.  ViewSets are helpful if you want to get up and running quickly, or when you have a large API and you want to enforce a consistent URL configuration throughout.
-## Marking extra methods for routing
+## Marking extra actions for routing
 The default routers included with REST framework will provide routes for a standard set of create/retrieve/update/destroy style operations, as shown below:
@@ -101,14 +101,16 @@ The default routers included with REST framework will provide routes for a stand
        def destroy(self, request, pk=None):
            pass
-If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@link` or `@action` decorators.  The `@link` decorator will route `GET` requests, and the `@action` decorator will route `POST` requests.
+If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@detail_route` or `@list_route` decorators.
+The `@detail_route` decorator contains `pk` in its URL pattern and is intended for methods which require a single instance. The `@list_route` decorator is intended for methods which operate on a list of objects.
 For example:
    from django.contrib.auth.models import User
-    from rest_framework import viewsets
    from rest_framework import status
-    from rest_framework.decorators import action
+    from rest_framework import viewsets
+    from rest_framework.decorators import detail_route, list_route
    from rest_framework.response import Response
    from myapp.serializers import UserSerializer, PasswordSerializer
@@ -119,7 +121,7 @@ For example:
        queryset = User.objects.all()
        serializer_class = UserSerializer
-        @action()
+        @detail_route(methods=['post'])
        def set_password(self, request, pk=None):
            user = self.get_object()
            serializer = PasswordSerializer(data=request.DATA)
@@ -131,21 +133,27 @@ For example:
                return Response(serializer.errors,
                                status=status.HTTP_400_BAD_REQUEST)
-The `@action` and `@link` decorators can additionally take extra arguments that will be set for the routed view only.  For example...
+        @list_route()
+        def recent_users(self, request):
+            recent_users = User.objects.all().order('-last_login')
+            page = self.paginate_queryset(recent_users)
+            serializer = self.get_pagination_serializer(page)
+            return Response(serializer.data)
+The decorators can additionally take extra arguments that will be set for the routed view only.  For example...
-        @action(permission_classes=[IsAdminOrIsSelf])
+        @detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
        def set_password(self, request, pk=None):
           ...
-The `@action` decorator will route `POST` requests by default, but may also accept other HTTP methods, by using the `method` argument.  For example:
+By default, the decorators will route `GET` requests, but may also accept other HTTP methods, by using the `methods` argument.  For example:
-        @action(methods=['POST', 'DELETE'])
+        @detail_route(methods=['post', 'delete'])
        def unset_password(self, request, pk=None):
           ...
 The two new actions will then be available at the urls `^users/{pk}/set_password/$` and `^users/{pk}/unset_password/$`
 ---
 # API Reference

--- a/docs/topics/2.4-accouncement.md
+++ b/docs/topics/2.4-accouncement.md
+* Writable nested serializers.
+* List/detail routes.
+* 1.3 Support dropped, install six for <=1.4.?.
+* `allow_none` for char fields
+* `trailing_slash = True` --> `[^/]`, `trailing_slash = False` --> `[^/.]`, becomes simply `[^/]` and `lookup_value_regex` is added.
--- a/docs/topics/release-notes.md
+++ b/docs/topics/release-notes.md
@@ -38,6 +38,17 @@ You can determine your currently installed version using `pip freeze`:
 ---
+### 2.4.0
+* `@detail_route` and `@list_route` decorators replace `@action` and `@link`.
+* `six` no longer bundled.  For Django <= 1.4.1, install `six` package.
+* Support customizable view name and description functions, using the `VIEW_NAME_FUNCTION` and `VIEW_DESCRIPTION_FUNCTION` settings.
+* Added `NUM_PROXIES` setting for smarter client IP identification.
+* Added `MAX_PAGINATE_BY` setting and `max_paginate_by` generic view attribute.
+* Added `cache` attribute to throttles to allow overriding of default cache.
+* Bugfix: `?page_size=0` query parameter now falls back to default page size for view, instead of always turning pagination off.
 ## 2.3.x series
 ### 2.3.x
@@ -60,6 +71,8 @@ You can determine your currently installed version using `pip freeze`:
 * Fix `Request`'s `QueryDict` encoding
 ### 2.3.13
+## 2.3.x series
 **Date**: 6th March 2014

--- a/docs/tutorial/6-viewsets-and-routers.md
+++ b/docs/tutorial/6-viewsets-and-routers.md
@@ -25,7 +25,7 @@ Here we've used `ReadOnlyModelViewSet` class to automatically provide the defaul
 Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighlight` view classes.  We can remove the three views, and again replace them with a single class.
-    from rest_framework.decorators import link
+    from rest_framework.decorators import detail_route
    class SnippetViewSet(viewsets.ModelViewSet):
        """
@@ -39,7 +39,7 @@ Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighl
        permission_classes = (permissions.IsAuthenticatedOrReadOnly,
                              IsOwnerOrReadOnly,)
-        @link(renderer_classes=[renderers.StaticHTMLRenderer])
+        @detail_route(renderer_classes=[renderers.StaticHTMLRenderer])
        def highlight(self, request, *args, **kwargs):
            snippet = self.get_object()
            return Response(snippet.highlighted)
@@ -49,9 +49,9 @@ Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighl
 This time we've used the `ModelViewSet` class in order to get the complete set of default read and write operations.
-Notice that we've also used the `@link` decorator to create a custom action, named `highlight`.  This decorator can be used to add any custom endpoints that don't fit into the standard `create`/`update`/`delete` style.
+Notice that we've also used the `@detail_route` decorator to create a custom action, named `highlight`.  This decorator can be used to add any custom endpoints that don't fit into the standard `create`/`update`/`delete` style.
-Custom actions which use the `@link` decorator will respond to `GET` requests.  We could have instead used the `@action` decorator if we wanted an action that responded to `POST` requests.
+Custom actions which use the `@detail_route` decorator will respond to `GET` requests.  We can use the `methods` argument if we wanted an action that responded to `POST` requests.
 ## Binding ViewSets to URLs explicitly

--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -6,9 +6,9 @@ import base64
 from django.contrib.auth import authenticate
 from django.core.exceptions import ImproperlyConfigured
+from django.middleware.csrf import CsrfViewMiddleware
 from django.conf import settings
 from rest_framework import exceptions, HTTP_HEADER_ENCODING
-from rest_framework.compat import CsrfViewMiddleware
 from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
 from rest_framework.compat import oauth2_provider, provider_now, check_nonce
 from rest_framework.authtoken.models import Token

--- a/rest_framework/compat.py
+++ b/rest_framework/compat.py
--- a/rest_framework/decorators.py
+++ b/rest_framework/decorators.py
@@ -3,13 +3,14 @@ The most important decorator in this module is `@api_view`, which is used
 for writing function-based views with REST framework.
 There are also various decorators for setting the API policies on function
-based views, as well as the `@action` and `@link` decorators, which are
+based views, as well as the `@detail_route` and `@list_route` decorators, which are
 used to annotate methods on viewsets that should be included by routers.
 """
 from __future__ import unicode_literals
 from rest_framework.compat import six
 from rest_framework.views import APIView
 import types
+import warnings
 def api_view(http_method_names):
@@ -107,12 +108,40 @@ def permission_classes(permission_classes):
    return decorator
+def detail_route(methods=['get'], **kwargs):
+    """
+    Used to mark a method on a ViewSet that should be routed for detail requests.
+    """
+    def decorator(func):
+        func.bind_to_methods = methods
+        func.detail = True
+        func.kwargs = kwargs
+        return func
+    return decorator
+def list_route(methods=['get'], **kwargs):
+    """
+    Used to mark a method on a ViewSet that should be routed for list requests.
+    """
+    def decorator(func):
+        func.bind_to_methods = methods
+        func.detail = False
+        func.kwargs = kwargs
+        return func
+    return decorator
+# These are now pending deprecation, in favor of `detail_route` and `list_route`.
 def link(**kwargs):
    """
-    Used to mark a method on a ViewSet that should be routed for GET requests.
+    Used to mark a method on a ViewSet that should be routed for detail GET requests.
    """
+    msg = 'link is pending deprecation. Use detail_route instead.'
+    warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
    def decorator(func):
        func.bind_to_methods = ['get']
+        func.detail = True
        func.kwargs = kwargs
        return func
    return decorator
@@ -120,10 +149,13 @@ def link(**kwargs):
 def action(methods=['post'], **kwargs):
    """
-    Used to mark a method on a ViewSet that should be routed for POST requests.
+    Used to mark a method on a ViewSet that should be routed for detail POST requests.
    """
+    msg = 'action is pending deprecation. Use detail_route instead.'
+    warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
    def decorator(func):
        func.bind_to_methods = methods
+        func.detail = True
        func.kwargs = kwargs
        return func
    return decorator
\ No newline at end of file
--- a/rest_framework/fields.py
+++ b/rest_framework/fields.py
@@ -18,12 +18,14 @@ from django.conf import settings
 from django.db.models.fields import BLANK_CHOICE_DASH
 from django.http import QueryDict
 from django.forms import widgets
+from django.utils import timezone
 from django.utils.encoding import is_protected_type
 from django.utils.translation import ugettext_lazy as _
 from django.utils.datastructures import SortedDict
+from django.utils.dateparse import parse_date, parse_datetime, parse_time
 from rest_framework import ISO_8601
 from rest_framework.compat import (
-    timezone, parse_date, parse_datetime, parse_time, BytesIO, six, smart_text,
+    BytesIO, six, smart_text,
    force_text, is_non_str_iterable
 )
 from rest_framework.settings import api_settings
@@ -260,13 +262,6 @@ class WritableField(Field):
                 validators=[], error_messages=None, widget=None,
                 default=None, blank=None):
-        # 'blank' is to be deprecated in favor of 'required'
-        if blank is not None:
-            warnings.warn('The `blank` keyword argument is deprecated. '
-                          'Use the `required` keyword argument instead.',
-                          DeprecationWarning, stacklevel=2)
-            required = not(blank)
        super(WritableField, self).__init__(source=source, label=label, help_text=help_text)
        self.read_only = read_only
@@ -460,8 +455,9 @@ class CharField(WritableField):
    type_label = 'string'
    form_field_class = forms.CharField
-    def __init__(self, max_length=None, min_length=None, *args, **kwargs):
+    def __init__(self, max_length=None, min_length=None, allow_none=False, *args, **kwargs):
        self.max_length, self.min_length = max_length, min_length
+        self.allow_none = allow_none
        super(CharField, self).__init__(*args, **kwargs)
        if min_length is not None:
            self.validators.append(validators.MinLengthValidator(min_length))
@@ -469,7 +465,9 @@ class CharField(WritableField):
            self.validators.append(validators.MaxLengthValidator(max_length))
    def from_native(self, value):
-        if isinstance(value, six.string_types) or value is None:
+        if value is None and not self.allow_none:
+            return ''
+        if isinstance(value, six.string_types):
            return value
        return smart_text(value)

--- a/rest_framework/generics.py
+++ b/rest_framework/generics.py
@@ -121,11 +121,11 @@ class GenericAPIView(views.APIView):
        deprecated_style = False
        if page_size is not None:
            warnings.warn('The `page_size` parameter to `paginate_queryset()` '
-                          'is due to be deprecated. '
+                          'is deprecated. '
                          'Note that the return style of this method is also '
                          'changed, and will simply return a page object '
                          'when called without a `page_size` argument.',
-                          PendingDeprecationWarning, stacklevel=2)
+                          DeprecationWarning, stacklevel=2)
            deprecated_style = True
        else:
            # Determine the required page size.
@@ -136,10 +136,10 @@ class GenericAPIView(views.APIView):
        if not self.allow_empty:
            warnings.warn(
-                'The `allow_empty` parameter is due to be deprecated. '
+                'The `allow_empty` parameter is deprecated. '
                'To use `allow_empty=False` style behavior, You should override '
                '`get_queryset()` and explicitly raise a 404 on empty querysets.',
-                PendingDeprecationWarning, stacklevel=2
+                DeprecationWarning, stacklevel=2
            )
        paginator = self.paginator_class(queryset, page_size,
@@ -187,10 +187,10 @@ class GenericAPIView(views.APIView):
        if not filter_backends and self.filter_backend:
            warnings.warn(
                'The `filter_backend` attribute and `FILTER_BACKEND` setting '
-                'are due to be deprecated in favor of a `filter_backends` '
+                'are deprecated in favor of a `filter_backends` '
                'attribute and `DEFAULT_FILTER_BACKENDS` setting, that take '
                'a *list* of filter backend classes.',
-                PendingDeprecationWarning, stacklevel=2
+                DeprecationWarning, stacklevel=2
            )
            filter_backends = [self.filter_backend]
        return filter_backends
@@ -211,8 +211,8 @@ class GenericAPIView(views.APIView):
        """
        if queryset is not None:
            warnings.warn('The `queryset` parameter to `get_paginate_by()` '
-                          'is due to be deprecated.',
+                          'is deprecated.',
-                          PendingDeprecationWarning, stacklevel=2)
+                          DeprecationWarning, stacklevel=2)
        if self.paginate_by_param:
            try:
@@ -295,16 +295,16 @@ class GenericAPIView(views.APIView):
            filter_kwargs = {self.lookup_field: lookup}
        elif pk is not None and self.lookup_field == 'pk':
            warnings.warn(
-                'The `pk_url_kwarg` attribute is due to be deprecated. '
+                'The `pk_url_kwarg` attribute is deprecated. '
                'Use the `lookup_field` attribute instead',
-                PendingDeprecationWarning
+                DeprecationWarning
            )
            filter_kwargs = {'pk': pk}
        elif slug is not None and self.lookup_field == 'pk':
            warnings.warn(
-                'The `slug_url_kwarg` attribute is due to be deprecated. '
+                'The `slug_url_kwarg` attribute is deprecated. '
                'Use the `lookup_field` attribute instead',
-                PendingDeprecationWarning
+                DeprecationWarning
            )
            filter_kwargs = {self.slug_field: slug}
        else:
@@ -524,9 +524,9 @@ class RetrieveUpdateDestroyAPIView(mixins.RetrieveModelMixin,
 class MultipleObjectAPIView(GenericAPIView):
    def __init__(self, *args, **kwargs):
        warnings.warn(
-            'Subclassing `MultipleObjectAPIView` is due to be deprecated. '
+            'Subclassing `MultipleObjectAPIView` is deprecated. '
            'You should simply subclass `GenericAPIView` instead.',
-            PendingDeprecationWarning, stacklevel=2
+            DeprecationWarning, stacklevel=2
        )
        super(MultipleObjectAPIView, self).__init__(*args, **kwargs)
@@ -534,8 +534,8 @@ class MultipleObjectAPIView(GenericAPIView):
 class SingleObjectAPIView(GenericAPIView):
    def __init__(self, *args, **kwargs):
        warnings.warn(
-            'Subclassing `SingleObjectAPIView` is due to be deprecated. '
+            'Subclassing `SingleObjectAPIView` is deprecated. '
            'You should simply subclass `GenericAPIView` instead.',
-            PendingDeprecationWarning, stacklevel=2
+            DeprecationWarning, stacklevel=2
        )
        super(SingleObjectAPIView, self).__init__(*args, **kwargs)
--- a/rest_framework/mixins.py
+++ b/rest_framework/mixins.py
@@ -26,14 +26,14 @@ def _get_validation_exclusions(obj, pk=None, slug_field=None, lookup_field=None)
    include = []
    if pk:
-        # Pending deprecation
+        # Deprecated
        pk_field = obj._meta.pk
        while pk_field.rel:
            pk_field = pk_field.rel.to._meta.pk
        include.append(pk_field.name)
    if slug_field:
-        # Pending deprecation
+        # Deprecated
        include.append(slug_field)
    if lookup_field and lookup_field != 'pk':
@@ -79,10 +79,10 @@ class ListModelMixin(object):
        # `.allow_empty = False`, to raise 404 errors on empty querysets.
        if not self.allow_empty and not self.object_list:
            warnings.warn(
-                'The `allow_empty` parameter is due to be deprecated. '
+                'The `allow_empty` parameter is deprecated. '
                'To use `allow_empty=False` style behavior, You should override '
                '`get_queryset()` and explicitly raise a 404 on empty querysets.',
-                PendingDeprecationWarning
+                DeprecationWarning
            )
            class_name = self.__class__.__name__
            error_msg = self.empty_error % {'class_name': class_name}

--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -2,15 +2,12 @@
 Provides a set of pluggable permission policies.
 """
 from __future__ import unicode_literals
-import inspect
-import warnings
-SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
 from django.http import Http404
 from rest_framework.compat import (get_model_name, oauth2_provider_scope,
                                   oauth2_constants)
+SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
 class BasePermission(object):
    """
@@ -27,13 +24,6 @@ class BasePermission(object):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
-        if len(inspect.getargspec(self.has_permission).args) == 4:
-            warnings.warn(
-                'The `obj` argument in `has_permission` is deprecated. '
-                'Use `has_object_permission()` instead for object permissions.',
-                DeprecationWarning, stacklevel=2
-            )
-            return self.has_permission(request, view, obj)
        return True

--- a/rest_framework/relations.py
+++ b/rest_framework/relations.py
@@ -41,14 +41,6 @@ class RelatedField(WritableField):
    many = False
    def __init__(self, *args, **kwargs):
-        # 'null' is to be deprecated in favor of 'required'
-        if 'null' in kwargs:
-            warnings.warn('The `null` keyword argument is deprecated. '
-                          'Use the `required` keyword argument instead.',
-                          DeprecationWarning, stacklevel=2)
-            kwargs['required'] = not kwargs.pop('null')
        queryset = kwargs.pop('queryset', None)
        self.many = kwargs.pop('many', self.many)
        if self.many:
@@ -330,7 +322,7 @@ class HyperlinkedRelatedField(RelatedField):
        'incorrect_type': _('Incorrect type.  Expected url string, received %s.'),
    }
-    # These are all pending deprecation
+    # These are all deprecated
    pk_url_kwarg = 'pk'
    slug_field = 'slug'
    slug_url_kwarg = None  # Defaults to same as `slug_field` unless overridden
@@ -344,16 +336,16 @@ class HyperlinkedRelatedField(RelatedField):
        self.lookup_field = kwargs.pop('lookup_field', self.lookup_field)
        self.format = kwargs.pop('format', None)
-        # These are pending deprecation
+        # These are deprecated
        if 'pk_url_kwarg' in kwargs:
-            msg = 'pk_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'pk_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_url_kwarg' in kwargs:
-            msg = 'slug_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_field' in kwargs:
-            msg = 'slug_field is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_field is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        self.pk_url_kwarg = kwargs.pop('pk_url_kwarg', self.pk_url_kwarg)
        self.slug_field = kwargs.pop('slug_field', self.slug_field)
@@ -396,9 +388,9 @@ class HyperlinkedRelatedField(RelatedField):
                    # If the lookup succeeds using the default slug params,
                    # then `slug_field` is being used implicitly, and we
                    # we need to warn about the pending deprecation.
-                    msg = 'Implicit slug field hyperlinked fields are pending deprecation.' \
+                    msg = 'Implicit slug field hyperlinked fields are deprecated.' \
                          'You should set `lookup_field=slug` on the HyperlinkedRelatedField.'
-                    warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+                    warnings.warn(msg, DeprecationWarning, stacklevel=2)
                return ret
            except NoReverseMatch:
                pass
@@ -432,14 +424,11 @@ class HyperlinkedRelatedField(RelatedField):
        request = self.context.get('request', None)
        format = self.format or self.context.get('format', None)
-        if request is None:
+        assert request is not None, (
-            msg = (
+            "`HyperlinkedRelatedField` requires the request in the serializer "
-                "Using `HyperlinkedRelatedField` without including the request "
+            "context. Add `context={'request': request}` when instantiating "
-                "in the serializer context is deprecated. "
+            "the serializer."
-                "Add `context={'request': request}` when instantiating "
+        )
-                "the serializer."
-            )
-            warnings.warn(msg, DeprecationWarning, stacklevel=4)
        # If the object has not yet been saved then we cannot hyperlink to it.
        if getattr(obj, 'pk', None) is None:
@@ -499,7 +488,7 @@ class HyperlinkedIdentityField(Field):
    lookup_field = 'pk'
    read_only = True
-    # These are all pending deprecation
+    # These are all deprecated
    pk_url_kwarg = 'pk'
    slug_field = 'slug'
    slug_url_kwarg = None  # Defaults to same as `slug_field` unless overridden
@@ -515,16 +504,16 @@ class HyperlinkedIdentityField(Field):
        lookup_field = kwargs.pop('lookup_field', None)
        self.lookup_field = lookup_field or self.lookup_field
-        # These are pending deprecation
+        # These are deprecated
        if 'pk_url_kwarg' in kwargs:
-            msg = 'pk_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'pk_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_url_kwarg' in kwargs:
-            msg = 'slug_url_kwarg is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_url_kwarg is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        if 'slug_field' in kwargs:
-            msg = 'slug_field is pending deprecation. Use lookup_field instead.'
+            msg = 'slug_field is deprecated. Use lookup_field instead.'
-            warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
+            warnings.warn(msg, DeprecationWarning, stacklevel=2)
        self.slug_field = kwargs.pop('slug_field', self.slug_field)
        default_slug_kwarg = self.slug_url_kwarg or self.slug_field
@@ -538,11 +527,11 @@ class HyperlinkedIdentityField(Field):
        format = self.context.get('format', None)
        view_name = self.view_name
-        if request is None:
+        assert request is not None, (
-            warnings.warn("Using `HyperlinkedIdentityField` without including the "
+            "`HyperlinkedIdentityField` requires the request in the serializer"
-                          "request in the serializer context is deprecated. "
+            " context. Add `context={'request': request}` when instantiating "
-                          "Add `context={'request': request}` when instantiating the serializer.",
+            "the serializer."
-                          DeprecationWarning, stacklevel=4)
+        )
        # By default use whatever format is given for the current context
        # unless the target is a different type to the source.
@@ -606,41 +595,3 @@ class HyperlinkedIdentityField(Field):
                pass
        raise NoReverseMatch()
-### Old-style many classes for backwards compat
-class ManyRelatedField(RelatedField):
-    def __init__(self, *args, **kwargs):
-        warnings.warn('`ManyRelatedField()` is deprecated. '
-                      'Use `RelatedField(many=True)` instead.',
-                       DeprecationWarning, stacklevel=2)
-        kwargs['many'] = True
-        super(ManyRelatedField, self).__init__(*args, **kwargs)
-class ManyPrimaryKeyRelatedField(PrimaryKeyRelatedField):
-    def __init__(self, *args, **kwargs):
-        warnings.warn('`ManyPrimaryKeyRelatedField()` is deprecated. '
-                      'Use `PrimaryKeyRelatedField(many=True)` instead.',
-                       DeprecationWarning, stacklevel=2)
-        kwargs['many'] = True
-        super(ManyPrimaryKeyRelatedField, self).__init__(*args, **kwargs)
-class ManySlugRelatedField(SlugRelatedField):
-    def __init__(self, *args, **kwargs):
-        warnings.warn('`ManySlugRelatedField()` is deprecated. '
-                      'Use `SlugRelatedField(many=True)` instead.',
-                       DeprecationWarning, stacklevel=2)
-        kwargs['many'] = True
-        super(ManySlugRelatedField, self).__init__(*args, **kwargs)
-class ManyHyperlinkedRelatedField(HyperlinkedRelatedField):
-    def __init__(self, *args, **kwargs):
-        warnings.warn('`ManyHyperlinkedRelatedField()` is deprecated. '
-                      'Use `HyperlinkedRelatedField(many=True)` instead.',
-                       DeprecationWarning, stacklevel=2)
-        kwargs['many'] = True
-        super(ManyHyperlinkedRelatedField, self).__init__(*args, **kwargs)
--- a/rest_framework/routers.py
+++ b/rest_framework/routers.py
@@ -17,15 +17,17 @@ from __future__ import unicode_literals
 import itertools
 from collections import namedtuple
+from django.conf.urls import patterns, url
 from django.core.exceptions import ImproperlyConfigured
 from rest_framework import views
-from rest_framework.compat import patterns, url
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
 from rest_framework.urlpatterns import format_suffix_patterns
 Route = namedtuple('Route', ['url', 'mapping', 'name', 'initkwargs'])
+DynamicDetailRoute = namedtuple('DynamicDetailRoute', ['url', 'name', 'initkwargs'])
+DynamicListRoute = namedtuple('DynamicListRoute', ['url', 'name', 'initkwargs'])
 def replace_methodname(format_string, methodname):
@@ -88,6 +90,14 @@ class SimpleRouter(BaseRouter):
            name='{basename}-list',
            initkwargs={'suffix': 'List'}
        ),
+        # Dynamically generated list routes.
+        # Generated using @list_route decorator
+        # on methods of the viewset.
+        DynamicListRoute(
+            url=r'^{prefix}/{methodname}{trailing_slash}$',
+            name='{basename}-{methodnamehyphen}',
+            initkwargs={}
+        ),
        # Detail route.
        Route(
            url=r'^{prefix}/{lookup}{trailing_slash}$',
@@ -100,13 +110,10 @@ class SimpleRouter(BaseRouter):
            name='{basename}-detail',
            initkwargs={'suffix': 'Instance'}
        ),
-        # Dynamically generated routes.
+        # Dynamically generated detail routes.
-        # Generated using @action or @link decorators on methods of the viewset.
+        # Generated using @detail_route decorator on methods of the viewset.
-        Route(
+        DynamicDetailRoute(
            url=r'^{prefix}/{lookup}/{methodname}{trailing_slash}$',
-            mapping={
-                '{httpmethod}': '{methodname}',
-            },
            name='{basename}-{methodnamehyphen}',
            initkwargs={}
        ),
@@ -139,25 +146,42 @@ class SimpleRouter(BaseRouter):
        Returns a list of the Route namedtuple.
        """
-        known_actions = flatten([route.mapping.values() for route in self.routes])
+        known_actions = flatten([route.mapping.values() for route in self.routes if isinstance(route, Route)])
-        # Determine any `@action` or `@link` decorated methods on the viewset
+        # Determine any `@detail_route` or `@list_route` decorated methods on the viewset
-        dynamic_routes = []
+        detail_routes = []
+        list_routes = []
        for methodname in dir(viewset):
            attr = getattr(viewset, methodname)
            httpmethods = getattr(attr, 'bind_to_methods', None)
+            detail = getattr(attr, 'detail', True)
            if httpmethods:
                if methodname in known_actions:
-                    raise ImproperlyConfigured('Cannot use @action or @link decorator on '
+                    raise ImproperlyConfigured('Cannot use @detail_route or @list_route '
-                                               'method "%s" as it is an existing route' % methodname)
+                                               'decorators on method "%s" '
+                                               'as it is an existing route' % methodname)
                httpmethods = [method.lower() for method in httpmethods]
-                dynamic_routes.append((httpmethods, methodname))
+                if detail:
+                    detail_routes.append((httpmethods, methodname))
+                else:
+                    list_routes.append((httpmethods, methodname))
        ret = []
        for route in self.routes:
-            if route.mapping == {'{httpmethod}': '{methodname}'}:
+            if isinstance(route, DynamicDetailRoute):
-                # Dynamic routes (@link or @action decorator)
+                # Dynamic detail routes (@detail_route decorator)
-                for httpmethods, methodname in dynamic_routes:
+                for httpmethods, methodname in detail_routes:
+                    initkwargs = route.initkwargs.copy()
+                    initkwargs.update(getattr(viewset, methodname).kwargs)
+                    ret.append(Route(
+                        url=replace_methodname(route.url, methodname),
+                        mapping=dict((httpmethod, methodname) for httpmethod in httpmethods),
+                        name=replace_methodname(route.name, methodname),
+                        initkwargs=initkwargs,
+                    ))
+            elif isinstance(route, DynamicListRoute):
+                # Dynamic list routes (@list_route decorator)
+                for httpmethods, methodname in list_routes:
                    initkwargs = route.initkwargs.copy()
                    initkwargs.update(getattr(viewset, methodname).kwargs)
                    ret.append(Route(
@@ -195,13 +219,16 @@ class SimpleRouter(BaseRouter):
        https://github.com/alanjds/drf-nested-routers
        """
-        if self.trailing_slash:
+        base_regex = '(?P<{lookup_prefix}{lookup_field}>{lookup_value})'
-            base_regex = '(?P<{lookup_prefix}{lookup_field}>[^/]+)'
+        # Use `pk` as default field, unset set.  Default regex should not
-        else:
+        # consume `.json` style suffixes and should break at '/' boundaries.
-            # Don't consume `.json` style suffixes
-            base_regex = '(?P<{lookup_prefix}{lookup_field}>[^/.]+)'
        lookup_field = getattr(viewset, 'lookup_field', 'pk')
-        return base_regex.format(lookup_field=lookup_field, lookup_prefix=lookup_prefix)
+        lookup_value = getattr(viewset, 'lookup_value_regex', '[^/.]+')
+        return base_regex.format(
+            lookup_prefix=lookup_prefix,
+            lookup_field=lookup_field,
+            lookup_value=lookup_value
+        )
    def get_urls(self):
        """

--- a/rest_framework/serializers.py
+++ b/rest_framework/serializers.py
@@ -21,7 +21,7 @@ from django.core.paginator import Page
 from django.db import models
 from django.forms import widgets
 from django.utils.datastructures import SortedDict
-from rest_framework.compat import get_concrete_model, six
+from rest_framework.compat import six
 from rest_framework.settings import api_settings
@@ -181,7 +181,7 @@ class BaseSerializer(WritableField):
    _dict_class = SortedDictWithMetadata
    def __init__(self, instance=None, data=None, files=None,
-                 context=None, partial=False, many=None,
+                 context=None, partial=False, many=False,
                 allow_add_remove=False, **kwargs):
        super(BaseSerializer, self).__init__(**kwargs)
        self.opts = self._options_class(self.Meta)
@@ -411,12 +411,7 @@ class BaseSerializer(WritableField):
        if value is None:
            return None
-        if self.many is not None:
+        if self.many:
-            many = self.many
-        else:
-            many = hasattr(value, '__iter__') and not isinstance(value, (Page, dict, six.text_type))
-        if many:
            return [self.to_native(item) for item in value]
        return self.to_native(value)
@@ -662,7 +657,7 @@ class ModelSerializer(Serializer):
        cls = self.opts.model
        assert cls is not None, \
                "Serializer class '%s' is missing 'model' Meta option" % self.__class__.__name__
-        opts = get_concrete_model(cls)._meta
+        opts = cls._meta.concrete_model._meta
        ret = SortedDict()
        nested = bool(self.opts.depth)
@@ -695,10 +690,10 @@ class ModelSerializer(Serializer):
                if len(inspect.getargspec(self.get_nested_field).args) == 2:
                    warnings.warn(
                        'The `get_nested_field(model_field)` call signature '
-                        'is due to be deprecated. '
+                        'is deprecated. '
                        'Use `get_nested_field(model_field, related_model, '
                        'to_many) instead',
-                        PendingDeprecationWarning
+                        DeprecationWarning
                    )
                    field = self.get_nested_field(model_field)
                else:
@@ -707,10 +702,10 @@ class ModelSerializer(Serializer):
                if len(inspect.getargspec(self.get_nested_field).args) == 3:
                    warnings.warn(
                        'The `get_related_field(model_field, to_many)` call '
-                        'signature is due to be deprecated. '
+                        'signature is deprecated. '
                        'Use `get_related_field(model_field, related_model, '
                        'to_many) instead',
-                        PendingDeprecationWarning
+                        DeprecationWarning
                    )
                    field = self.get_related_field(model_field, to_many=to_many)
                else:
@@ -871,6 +866,10 @@ class ModelSerializer(Serializer):
                issubclass(model_field.__class__, models.PositiveSmallIntegerField):
            kwargs['min_value'] = 0
+        if model_field.null and \
+                issubclass(model_field.__class__, (models.CharField, models.TextField)):
+            kwargs['allow_none'] = True
        attribute_dict = {
            models.CharField: ['max_length'],
            models.CommaSeparatedIntegerField: ['max_length'],
@@ -897,7 +896,7 @@ class ModelSerializer(Serializer):
        Return a list of field names to exclude from model validation.
        """
        cls = self.opts.model
-        opts = get_concrete_model(cls)._meta
+        opts = cls._meta.concrete_model._meta
        exclusions = [field.name for field in opts.fields + opts.many_to_many]
        for field_name, field in self.fields.items():

--- a/rest_framework/settings.py
+++ b/rest_framework/settings.py
@@ -63,6 +63,7 @@ DEFAULTS = {
        'user': None,
        'anon': None,
    },
+    'NUM_PROXIES': None,
    # Pagination
    'PAGINATE_BY': None,

--- a/rest_framework/six.py
+++ b/rest_framework/six.py
--- a/rest_framework/templates/rest_framework/base.html
+++ b/rest_framework/templates/rest_framework/base.html
 {% load url from future %}
+{% load staticfiles %}
 {% load rest_framework %}
 <!DOCTYPE html>
 <html>

--- a/rest_framework/templates/rest_framework/login_base.html
+++ b/rest_framework/templates/rest_framework/login_base.html
 {% load url from future %}
+{% load staticfiles %}
 {% load rest_framework %}
 <html>

--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@@ -5,95 +5,13 @@ from django.http import QueryDict
 from django.utils.encoding import iri_to_uri
 from django.utils.html import escape
 from django.utils.safestring import SafeData, mark_safe
-from rest_framework.compat import urlparse, force_text, six, smart_urlquote
+from rest_framework.compat import urlparse, force_text, six
+from django.utils.html import smart_urlquote
 import re
 register = template.Library()
-# Note we don't use 'load staticfiles', because we need a 1.3 compatible
-# version, so instead we include the `static` template tag ourselves.
-# When 1.3 becomes unsupported by REST framework, we can instead start to
-# use the {% load staticfiles %} tag, remove the following code,
-# and add a dependency that `django.contrib.staticfiles` must be installed.
-# Note: We can't put this into the `compat` module because the compat import
-# from rest_framework.compat import ...
-# conflicts with this rest_framework template tag module.
-try:  # Django 1.5+
-    from django.contrib.staticfiles.templatetags.staticfiles import StaticFilesNode
-    @register.tag('static')
-    def do_static(parser, token):
-        return StaticFilesNode.handle_token(parser, token)
-except ImportError:
-    try:  # Django 1.4
-        from django.contrib.staticfiles.storage import staticfiles_storage
-        @register.simple_tag
-        def static(path):
-            """
-            A template tag that returns the URL to a file
-            using staticfiles' storage backend
-            """
-            return staticfiles_storage.url(path)
-    except ImportError:  # Django 1.3
-        from urlparse import urljoin
-        from django import template
-        from django.templatetags.static import PrefixNode
-        class StaticNode(template.Node):
-            def __init__(self, varname=None, path=None):
-                if path is None:
-                    raise template.TemplateSyntaxError(
-                        "Static template nodes must be given a path to return.")
-                self.path = path
-                self.varname = varname
-            def url(self, context):
-                path = self.path.resolve(context)
-                return self.handle_simple(path)
-            def render(self, context):
-                url = self.url(context)
-                if self.varname is None:
-                    return url
-                context[self.varname] = url
-                return ''
-            @classmethod
-            def handle_simple(cls, path):
-                return urljoin(PrefixNode.handle_simple("STATIC_URL"), path)
-            @classmethod
-            def handle_token(cls, parser, token):
-                """
-                Class method to parse prefix node and return a Node.
-                """
-                bits = token.split_contents()
-                if len(bits) < 2:
-                    raise template.TemplateSyntaxError(
-                        "'%s' takes at least one argument (path to file)" % bits[0])
-                path = parser.compile_filter(bits[1])
-                if len(bits) >= 2 and bits[-2] == 'as':
-                    varname = bits[3]
-                else:
-                    varname = None
-                return cls(varname, path)
-        @register.tag('static')
-        def do_static_13(parser, token):
-            return StaticNode.handle_token(parser, token)
 def replace_query_param(url, key, val):
    """
    Given a URL and a key/val pair, set or replace an item in the query

--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@@ -18,6 +18,25 @@ class BaseThrottle(object):
        """
        raise NotImplementedError('.allow_request() must be overridden')
+    def get_ident(self, request):
+        """
+        Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR
+        if present and number of proxies is > 0. If not use all of
+        HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.
+        """
+        xff = request.META.get('HTTP_X_FORWARDED_FOR')
+        remote_addr = request.META.get('REMOTE_ADDR')
+        num_proxies = api_settings.NUM_PROXIES
+        if num_proxies is not None:
+            if num_proxies == 0 or xff is None:
+                return remote_addr
+            addrs = xff.split(',')
+            client_addr = addrs[-min(num_proxies, len(xff))]
+            return client_addr.strip()
+        return xff if xff else remote_addr
    def wait(self):
        """
        Optionally, return a recommended number of seconds to wait before
@@ -154,13 +173,9 @@ class AnonRateThrottle(SimpleRateThrottle):
        if request.user.is_authenticated():
            return None  # Only throttle unauthenticated requests.
-        ident = request.META.get('HTTP_X_FORWARDED_FOR')
-        if ident is None:
-            ident = request.META.get('REMOTE_ADDR')
        return self.cache_format % {
            'scope': self.scope,
-            'ident': ident
+            'ident': self.get_ident(request)
        }
@@ -178,7 +193,7 @@ class UserRateThrottle(SimpleRateThrottle):
        if request.user.is_authenticated():
            ident = request.user.id
        else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
        return self.cache_format % {
            'scope': self.scope,
@@ -226,7 +241,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
        if request.user.is_authenticated():
            ident = request.user.id
        else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
        return self.cache_format % {
            'scope': self.scope,

--- a/rest_framework/urlpatterns.py
+++ b/rest_framework/urlpatterns.py
 from __future__ import unicode_literals
+from django.conf.urls import url, include
 from django.core.urlresolvers import RegexURLResolver
-from rest_framework.compat import url, include
 from rest_framework.settings import api_settings

--- a/rest_framework/urls.py
+++ b/rest_framework/urls.py
@@ -13,7 +13,7 @@ your authentication settings include `SessionAuthentication`.
    )
 """
 from __future__ import unicode_literals
-from rest_framework.compat import patterns, url
+from django.conf.urls import patterns, url
 template_name = {'template_name': 'rest_framework/login.html'}

--- a/rest_framework/utils/encoders.py
+++ b/rest_framework/utils/encoders.py
@@ -2,10 +2,11 @@
 Helper classes for parsers.
 """
 from __future__ import unicode_literals
+from django.utils import timezone
 from django.db.models.query import QuerySet
 from django.utils.datastructures import SortedDict
 from django.utils.functional import Promise
-from rest_framework.compat import timezone, force_text
+from rest_framework.compat import force_text
 from rest_framework.serializers import DictWithMetadata, SortedDictWithMetadata
 import datetime
 import decimal

--- a/tests/settings.py
+++ b/tests/settings.py
@@ -93,10 +93,7 @@ INSTALLED_APPS = (
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
-    # Uncomment the next line to enable the admin:
+    'django.contrib.staticfiles',
-    # 'django.contrib.admin',
-    # Uncomment the next line to enable admin documentation:
-    # 'django.contrib.admindocs',
    'rest_framework',
    'rest_framework.authtoken',
    'tests',

--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
 from __future__ import unicode_literals
+from django.conf.urls import patterns, url, include
 from django.contrib.auth.models import User
 from django.http import HttpResponse
 from django.test import TestCase
@@ -19,7 +20,7 @@ from rest_framework.authentication import (
    OAuth2Authentication
 )
 from rest_framework.authtoken.models import Token
-from rest_framework.compat import patterns, url, include, six
+from rest_framework.compat import six
 from rest_framework.compat import oauth2_provider, oauth2_provider_scope
 from rest_framework.compat import oauth, oauth_provider
 from rest_framework.test import APIRequestFactory, APIClient

--- a/tests/test_breadcrumbs.py
+++ b/tests/test_breadcrumbs.py
 from __future__ import unicode_literals
+from django.conf.urls import patterns, url
 from django.test import TestCase
-from rest_framework.compat import patterns, url
 from rest_framework.utils.breadcrumbs import get_breadcrumbs
 from rest_framework.views import APIView

--- a/tests/test_filters.py
+++ b/tests/test_filters.py
@@ -5,9 +5,9 @@ from django.db import models
 from django.core.urlresolvers import reverse
 from django.test import TestCase
 from django.utils import unittest
+from django.conf.urls import patterns, url
 from rest_framework import generics, serializers, status, filters
-from rest_framework.compat import django_filters, patterns, url
+from rest_framework.compat import django_filters
-from rest_framework.settings import api_settings
 from rest_framework.test import APIRequestFactory
 from .models import FilterableItem, BasicModel
 from .utils import temporary_setting

--- a/tests/test_genericrelations.py
+++ b/tests/test_genericrelations.py
@@ -84,7 +84,7 @@ class TestGenericRelations(TestCase):
                exclude = ('content_type', 'object_id')
        class BookmarkSerializer(serializers.ModelSerializer):
-            tags = TagSerializer()
+            tags = TagSerializer(many=True)
            class Meta:
                model = Bookmark

--- a/tests/test_htmlrenderer.py
+++ b/tests/test_htmlrenderer.py
 from __future__ import unicode_literals
 from django.core.exceptions import PermissionDenied
+from django.conf.urls import patterns, url
 from django.http import Http404
 from django.test import TestCase
 from django.template import TemplateDoesNotExist, Template
 import django.template.loader
 from rest_framework import status
-from rest_framework.compat import patterns, url
 from rest_framework.decorators import api_view, renderer_classes
 from rest_framework.renderers import TemplateHTMLRenderer
 from rest_framework.response import Response

--- a/tests/test_hyperlinkedserializers.py
+++ b/tests/test_hyperlinkedserializers.py
@@ -2,7 +2,7 @@ from __future__ import unicode_literals
 import json
 from django.test import TestCase
 from rest_framework import generics, status, serializers
-from rest_framework.compat import patterns, url
+from django.conf.urls import patterns, url
 from rest_framework.settings import api_settings
 from rest_framework.test import APIRequestFactory
 from tests.models import (
@@ -25,7 +25,7 @@ class BlogPostCommentSerializer(serializers.ModelSerializer):
 class PhotoSerializer(serializers.Serializer):
    description = serializers.CharField()
-    album_url = serializers.HyperlinkedRelatedField(source='album', view_name='album-detail', queryset=Album.objects.all(), lookup_field='title', slug_url_kwarg='title')
+    album_url = serializers.HyperlinkedRelatedField(source='album', view_name='album-detail', queryset=Album.objects.all(), lookup_field='title')
    def restore_object(self, attrs, instance=None):
        return Photo(**attrs)

--- a/tests/test_nullable_fields.py
+++ b/tests/test_nullable_fields.py
 from django.core.urlresolvers import reverse
-from rest_framework.compat import patterns, url
+from django.conf.urls import patterns, url
 from rest_framework.test import APITestCase
 from tests.models import NullableForeignKeySource
 from tests.serializers import NullableFKSourceSerializer

--- a/tests/test_relations_hyperlink.py
+++ b/tests/test_relations_hyperlink.py
 from __future__ import unicode_literals
+from django.conf.urls import patterns, url
 from django.test import TestCase
 from rest_framework import serializers
-from rest_framework.compat import patterns, url
 from rest_framework.test import APIRequestFactory
 from tests.models import (
    BlogPost,

--- a/tests/test_renderers.py
+++ b/tests/test_renderers.py
@@ -2,13 +2,14 @@
 from __future__ import unicode_literals
 from decimal import Decimal
+from django.conf.urls import patterns, url, include
 from django.core.cache import cache
 from django.db import models
 from django.test import TestCase
 from django.utils import unittest
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import status, permissions
-from rest_framework.compat import yaml, etree, patterns, url, include, six, StringIO
+from rest_framework.compat import yaml, etree, six, StringIO
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.renderers import BaseRenderer, JSONRenderer, YAMLRenderer, \

--- a/tests/test_request.py
+++ b/tests/test_request.py
@@ -2,6 +2,7 @@
 Tests for content parsing, and form-overloaded content parsing.
 """
 from __future__ import unicode_literals
+from django.conf.urls import patterns
 from django.contrib.auth.models import User
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.sessions.middleware import SessionMiddleware
@@ -9,7 +10,6 @@ from django.core.handlers.wsgi import WSGIRequest
 from django.test import TestCase
 from rest_framework import status
 from rest_framework.authentication import SessionAuthentication
-from rest_framework.compat import patterns
 from rest_framework.parsers import (
    BaseParser,
    FormParser,

--- a/tests/test_response.py
+++ b/tests/test_response.py
 from __future__ import unicode_literals
+from django.conf.urls import patterns, url, include
 from django.test import TestCase
 from tests.models import BasicModel, BasicModelSerializer
-from rest_framework.compat import patterns, url, include
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework import generics

--- a/tests/test_reverse.py
+++ b/tests/test_reverse.py
 from __future__ import unicode_literals
+from django.conf.urls import patterns, url
 from django.test import TestCase
-from rest_framework.compat import patterns, url
 from rest_framework.reverse import reverse
 from rest_framework.test import APIRequestFactory

--- a/tests/test_routers.py
+++ b/tests/test_routers.py
 from __future__ import unicode_literals
+from django.conf.urls import patterns, url, include
 from django.db import models
 from django.test import TestCase
 from django.core.exceptions import ImproperlyConfigured
 from rest_framework import serializers, viewsets, permissions
-from rest_framework.compat import include, patterns, url
+from rest_framework.decorators import detail_route, list_route
-from rest_framework.decorators import link, action
 from rest_framework.response import Response
 from rest_framework.routers import SimpleRouter, DefaultRouter
 from rest_framework.test import APIRequestFactory
@@ -18,23 +18,23 @@ class BasicViewSet(viewsets.ViewSet):
    def list(self, request, *args, **kwargs):
        return Response({'method': 'list'})
-    @action()
+    @detail_route(methods=['post'])
    def action1(self, request, *args, **kwargs):
        return Response({'method': 'action1'})
-    @action()
+    @detail_route(methods=['post'])
    def action2(self, request, *args, **kwargs):
        return Response({'method': 'action2'})
-    @action(methods=['post', 'delete'])
+    @detail_route(methods=['post', 'delete'])
    def action3(self, request, *args, **kwargs):
        return Response({'method': 'action2'})
-    @link()
+    @detail_route()
    def link1(self, request, *args, **kwargs):
        return Response({'method': 'link1'})
-    @link()
+    @detail_route()
    def link2(self, request, *args, **kwargs):
        return Response({'method': 'link2'})
@@ -121,6 +121,27 @@ class TestCustomLookupFields(TestCase):
        )
+class TestLookupValueRegex(TestCase):
+    """
+    Ensure the router honors lookup_value_regex when applied
+    to the viewset.
+    """
+    def setUp(self):
+        class NoteViewSet(viewsets.ModelViewSet):
+            queryset = RouterTestModel.objects.all()
+            lookup_field = 'uuid'
+            lookup_value_regex = '[0-9a-f]{32}'
+        self.router = SimpleRouter()
+        self.router.register(r'notes', NoteViewSet)
+        self.urls = self.router.urls
+    def test_urls_limited_by_lookup_value_regex(self):
+        expected = ['^notes/$', '^notes/(?P<uuid>[0-9a-f]{32})/$']
+        for idx in range(len(expected)):
+            self.assertEqual(expected[idx], self.urls[idx].regex.pattern)
 class TestTrailingSlashIncluded(TestCase):
    def setUp(self):
        class NoteViewSet(viewsets.ModelViewSet):
@@ -131,7 +152,7 @@ class TestTrailingSlashIncluded(TestCase):
        self.urls = self.router.urls
    def test_urls_have_trailing_slash_by_default(self):
-        expected = ['^notes/$', '^notes/(?P<pk>[^/]+)/$']
+        expected = ['^notes/$', '^notes/(?P<pk>[^/.]+)/$']
        for idx in range(len(expected)):
            self.assertEqual(expected[idx], self.urls[idx].regex.pattern)
@@ -175,7 +196,7 @@ class TestActionKeywordArgs(TestCase):
        class TestViewSet(viewsets.ModelViewSet):
            permission_classes = []
-            @action(permission_classes=[permissions.AllowAny])
+            @detail_route(methods=['post'], permission_classes=[permissions.AllowAny])
            def custom(self, request, *args, **kwargs):
                return Response({
                    'permission_classes': self.permission_classes
@@ -196,14 +217,14 @@ class TestActionKeywordArgs(TestCase):
 class TestActionAppliedToExistingRoute(TestCase):
    """
-    Ensure `@action` decorator raises an except when applied
+    Ensure `@detail_route` decorator raises an except when applied
    to an existing route
    """
    def test_exception_raised_when_action_applied_to_existing_route(self):
        class TestViewSet(viewsets.ModelViewSet):
-            @action()
+            @detail_route(methods=['post'])
            def retrieve(self, request, *args, **kwargs):
                return Response({
                    'hello': 'world'
@@ -214,3 +235,49 @@ class TestActionAppliedToExistingRoute(TestCase):
        with self.assertRaises(ImproperlyConfigured):
            self.router.urls
+class DynamicListAndDetailViewSet(viewsets.ViewSet):
+    def list(self, request, *args, **kwargs):
+        return Response({'method': 'list'})
+    @list_route(methods=['post'])
+    def list_route_post(self, request, *args, **kwargs):
+        return Response({'method': 'action1'})
+    @detail_route(methods=['post'])
+    def detail_route_post(self, request, *args, **kwargs):
+        return Response({'method': 'action2'})
+    @list_route()
+    def list_route_get(self, request, *args, **kwargs):
+        return Response({'method': 'link1'})
+    @detail_route()
+    def detail_route_get(self, request, *args, **kwargs):
+        return Response({'method': 'link2'})
+class TestDynamicListAndDetailRouter(TestCase):
+    def setUp(self):
+        self.router = SimpleRouter()
+    def test_list_and_detail_route_decorators(self):
+        routes = self.router.get_routes(DynamicListAndDetailViewSet)
+        decorator_routes = [r for r in routes if not (r.name.endswith('-list') or r.name.endswith('-detail'))]
+        # Make sure all these endpoints exist and none have been clobbered
+        for i, endpoint in enumerate(['list_route_get', 'list_route_post', 'detail_route_get', 'detail_route_post']):
+            route = decorator_routes[i]
+            # check url listing
+            if endpoint.startswith('list_'):
+                self.assertEqual(route.url,
+                                 '^{{prefix}}/{0}{{trailing_slash}}$'.format(endpoint))
+            else:
+                self.assertEqual(route.url,
+                                 '^{{prefix}}/{{lookup}}/{0}{{trailing_slash}}$'.format(endpoint))
+            # check method to function mapping
+            if endpoint.endswith('_post'):
+                method_map = 'post'
+            else:
+                method_map = 'get'
+            self.assertEqual(route.mapping[method_map], endpoint)
--- a/tests/test_serializer.py
+++ b/tests/test_serializer.py
@@ -30,6 +30,7 @@ if PIL is not None:
        image_field = models.ImageField(upload_to='test', max_length=1024, blank=True)
        slug_field = models.SlugField(max_length=1024, blank=True)
        url_field = models.URLField(max_length=1024, blank=True)
+        nullable_char_field = models.CharField(max_length=1024, blank=True, null=True)
    class DVOAFModel(RESTFrameworkModel):
        positive_integer_field = models.PositiveIntegerField(blank=True)
@@ -660,7 +661,7 @@ class ModelValidationTests(TestCase):
        second_serializer = AlbumsSerializer(data={'title': 'a'})
        self.assertFalse(second_serializer.is_valid())
        self.assertEqual(second_serializer.errors,  {'title': ['Album with this Title already exists.'],})
-        third_serializer = AlbumsSerializer(data=[{'title': 'b', 'ref': '1'}, {'title': 'c'}])
+        third_serializer = AlbumsSerializer(data=[{'title': 'b', 'ref': '1'}, {'title': 'c'}], many=True)
        self.assertFalse(third_serializer.is_valid())
        self.assertEqual(third_serializer.errors,  [{'ref': ['Album with this Ref already exists.']}, {}])
@@ -1257,6 +1258,20 @@ class BlankFieldTests(TestCase):
        serializer = self.model_serializer_class(data={})
        self.assertEqual(serializer.is_valid(), True)
+    def test_create_model_null_field_save(self):
+        """
+        Regression test for #1330.
+        https://github.com/tomchristie/django-rest-framework/pull/1330
+        """
+        serializer = self.model_serializer_class(data={'title': None})
+        self.assertEqual(serializer.is_valid(), True)
+        try:
+            serializer.save()
+        except Exception:
+            self.fail('Exception raised on save() after validation passes')
 #test for issue #460
 class SerializerPickleTests(TestCase):
@@ -1491,7 +1506,7 @@ class NestedSerializerContextTests(TestCase):
                model = Album
                fields = ("photo_set", "callable")
-            photo_set = PhotoSerializer(source="photo_set")
+            photo_set = PhotoSerializer(source="photo_set", many=True)
            callable = serializers.SerializerMethodField("_callable")
            def _callable(self, instance):
@@ -1503,7 +1518,7 @@ class NestedSerializerContextTests(TestCase):
            albums = None
        class AlbumCollectionSerializer(serializers.Serializer):
-            albums = AlbumSerializer(source="albums")
+            albums = AlbumSerializer(source="albums", many=True)
        album1 = Album.objects.create(title="album 1")
        album2 = Album.objects.create(title="album 2")
@@ -1660,6 +1675,10 @@ class AttributeMappingOnAutogeneratedFieldsTests(TestCase):
            'url_field': [
                ('max_length', 1024),
            ],
+            'nullable_char_field': [
+                ('max_length', 1024),
+                ('allow_none', True),
+            ],
        }
    def field_test(self, field):
@@ -1696,6 +1715,9 @@ class AttributeMappingOnAutogeneratedFieldsTests(TestCase):
    def test_url_field(self):
        self.field_test('url_field')
+    def test_nullable_char_field(self):
+        self.field_test('nullable_char_field')
 @unittest.skipUnless(PIL is not None, 'PIL is not installed')
 class DefaultValuesOnAutogeneratedFieldsTests(TestCase):

--- a/tests/test_testing.py
+++ b/tests/test_testing.py
 # -- coding: utf-8 --
 from __future__ import unicode_literals
+from django.conf.urls import patterns, url
 from io import BytesIO
 from django.contrib.auth.models import User
 from django.test import TestCase
-from rest_framework.compat import patterns, url
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
 from rest_framework.test import APIClient, APIRequestFactory, force_authenticate

--- a/tests/test_throttling.py
+++ b/tests/test_throttling.py
@@ -5,6 +5,7 @@ from __future__ import unicode_literals
 from django.test import TestCase
 from django.contrib.auth.models import User
 from django.core.cache import cache
+from rest_framework.settings import api_settings
 from rest_framework.test import APIRequestFactory
 from rest_framework.views import APIView
 from rest_framework.throttling import BaseThrottle, UserRateThrottle, ScopedRateThrottle
@@ -275,3 +276,68 @@ class ScopedRateThrottleTests(TestCase):
            self.increment_timer()
            response = self.unscoped_view(request)
            self.assertEqual(200, response.status_code)
+class XffTestingBase(TestCase):
+    def setUp(self):
+        class Throttle(ScopedRateThrottle):
+            THROTTLE_RATES = {'test_limit': '1/day'}
+            TIMER_SECONDS = 0
+            timer = lambda self: self.TIMER_SECONDS
+        class View(APIView):
+            throttle_classes = (Throttle,)
+            throttle_scope = 'test_limit'
+            def get(self, request):
+                return Response('test_limit')
+        cache.clear()
+        self.throttle = Throttle()
+        self.view = View.as_view()
+        self.request = APIRequestFactory().get('/some_uri')
+        self.request.META['REMOTE_ADDR'] = '3.3.3.3'
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 1.1.1.1, 2.2.2.2'
+    def config_proxy(self, num_proxies):
+        setattr(api_settings, 'NUM_PROXIES', num_proxies)
+class IdWithXffBasicTests(XffTestingBase):
+    def test_accepts_request_under_limit(self):
+        self.config_proxy(0)
+        self.assertEqual(200, self.view(self.request).status_code)
+    def test_denies_request_over_limit(self):
+        self.config_proxy(0)
+        self.view(self.request)
+        self.assertEqual(429, self.view(self.request).status_code)
+class XffSpoofingTests(XffTestingBase):
+    def test_xff_spoofing_doesnt_change_machine_id_with_one_app_proxy(self):
+        self.config_proxy(1)
+        self.view(self.request)
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '4.4.4.4, 5.5.5.5, 2.2.2.2'
+        self.assertEqual(429, self.view(self.request).status_code)
+    def test_xff_spoofing_doesnt_change_machine_id_with_two_app_proxies(self):
+        self.config_proxy(2)
+        self.view(self.request)
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '4.4.4.4, 1.1.1.1, 2.2.2.2'
+        self.assertEqual(429, self.view(self.request).status_code)
+class XffUniqueMachinesTest(XffTestingBase):
+    def test_unique_clients_are_counted_independently_with_one_proxy(self):
+        self.config_proxy(1)
+        self.view(self.request)
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 1.1.1.1, 7.7.7.7'
+        self.assertEqual(200, self.view(self.request).status_code)
+    def test_unique_clients_are_counted_independently_with_two_proxies(self):
+        self.config_proxy(2)
+        self.view(self.request)
+        self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 7.7.7.7, 2.2.2.2'
+        self.assertEqual(200, self.view(self.request).status_code)
--- a/tests/test_urlpatterns.py
+++ b/tests/test_urlpatterns.py
 from __future__ import unicode_literals
 from collections import namedtuple
+from django.conf.urls import patterns, url, include
 from django.core import urlresolvers
 from django.test import TestCase
 from rest_framework.test import APIRequestFactory
-from rest_framework.compat import patterns, url, include
 from rest_framework.urlpatterns import format_suffix_patterns

--- a/tox.ini
+++ b/tox.ini
 [tox]
 downloadcache = {toxworkdir}/cache/
-envlist = py3.3-django1.7,py3.2-django1.7,py2.7-django1.7,py3.3-django1.6,py3.2-django1.6,py2.7-django1.6,py2.6-django1.6,py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.6-django1.5,py2.7-django1.4,py2.6-django1.4,py2.7-django1.3,py2.6-django1.3
+envlist = py3.3-django1.7,py3.2-django1.7,py2.7-django1.7,py3.3-django1.6,py3.2-django1.6,py2.7-django1.6,py2.6-django1.6,py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.6-django1.5,py2.7-django1.4,py2.6-django1.4
 [testenv]
 commands = py.test -q
@@ -136,27 +136,3 @@ deps = django==1.4.11
       django-guardian==1.1.1
       Pillow==2.3.0
       pytest-django==2.6.1
-[testenv:py2.7-django1.3]
-basepython = python2.7
-deps = django==1.3.5
-       django-filter==0.5.4
-       defusedxml==0.3
-       django-oauth-plus==2.2.1
-       oauth2==1.5.211
-       django-oauth2-provider==0.2.3
-       django-guardian==1.1.1
-       Pillow==2.3.0
-       pytest-django==2.6.1
-[testenv:py2.6-django1.3]
-basepython = python2.6
-deps = django==1.3.5
-       django-filter==0.5.4
-       defusedxml==0.3
-       django-oauth-plus==2.2.1
-       oauth2==1.5.211
-       django-oauth2-provider==0.2.3
-       django-guardian==1.1.1
-       Pillow==2.3.0
-       pytest-django==2.6.1