Merge branch 'master' into feat/add-uniontype-check

And fix type(arg) instead of type(None)

Author: dan-blanchard

.github/FUNDING.yml

@@ -1,2 +1,2 @@
-# Please support Ukraine volonteers
+# polar: django-ninja
 custom: ["https://www.buymeacoffee.com/djangoninja"]

.github/workflows/test.yml

@@ -14,9 +14,9 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: '3.10'
       - name: Install Flit
-        run: pip install flit
+        run: pip install flit "django>=5.1"
       - name: Install Dependencies
         run: flit install --symlink
       - name: Test

.github/workflows/test_full.yml

@@ -8,11 +8,11 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
-        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12']
-        django-version: ['<3.2', '<3.3', '<4.2', '<4.3', '<5.1']
+        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12', '3.13']
+        django-version: ['<3.2', '<3.3', '<4.2', '<4.3', '<5.1', '<5.2', '<5.3']
         exclude:
           - python-version: '3.7'
             django-version: '<5.1'
@@ -24,7 +24,10 @@ jobs:
             django-version: '<3.2'
           - python-version: '3.12'
             django-version: '<3.3'
-
+          - python-version: '3.13'
+            django-version: '<3.2'
+          - python-version: '3.13'
+            django-version: '<3.3'
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python
@@ -46,9 +49,9 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: '3.10'
       - name: Install Flit
-        run: pip install flit
+        run: pip install flit "django>=5.2"
       - name: Install Dependencies
         run: flit install --symlink
       - name: Test
@@ -67,8 +70,8 @@ jobs:
       - name: Install Dependencies
         run: flit install --symlink
       - name: Ruff format
-        run: ruff format --check ninja tests
+        run: ruff format --preview --check ninja tests
       - name: Ruff lint
-        run: ruff check ninja tests
+        run: ruff check --preview ninja tests
       - name: mypy
         run: mypy ninja tests/mypy_test.py

.gitignore

@@ -13,3 +13,4 @@ docs/site
 
 .DS_Store
 .idea
+.python-version

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2023 Vitaliy Kucheryaviy
+Copyright (c) 2025 Vitaliy Kucheryaviy
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -22,16 +22,6 @@
 
 # Django Ninja - Fast Django REST Framework
 
-# v1.0 What's new
-Read more details here - https://django-ninja.dev/whatsnew_v1/ 
-
-Or Watch here:
-
-
-<a href="https://youtu.be/GrIpDXPG41o"><img width="500" alt="SCR-20231116-qmoj" src="https://github.com/vitalik/django-ninja/assets/95222/06958fbf-6d3a-4f33-aa76-7a29279c9959"></a>
-
-
-
 **Django Ninja** is a web framework for building APIs with **Django** and Python 3.6+ **type hints**.
 
 

docs/docs/guides/api-docs.md

@@ -101,7 +101,7 @@ In a Django template, for example:
 
 ## Creating custom docs viewer
 
-To create your own view for OpenaAPI - create a class inherited from DocsBase and overwrite `render_page` method:
+To create your own view for OpenAPI - create a class inherited from DocsBase and overwrite `render_page` method:
 
 ```python
 form ninja.openapi.docs import DocsBase

docs/docs/guides/async-support.md

@@ -187,7 +187,7 @@ async def search(request, post_id: int):
     ...
 ```
 
-There is a common **GOTCHA**: Django queryset's are lazily evaluated (database query happens only when you start iterating), so this will **not** work:
+There is a common **GOTCHA**: Django querysets are lazily evaluated (database query happens only when you start iterating), so this will **not** work:
 
 ```python
 all_blogs = await sync_to_async(Blog.objects.all)()

docs/docs/guides/authentication.md

@@ -126,6 +126,48 @@ Note: **`param_name`** is the name of the GET parameter that will be checked for
 {!./src/tutorial/authentication/apikey03.py!}
 ```
 
+### Django Session Authentication
+
+**Django Ninja** provides built-in session authentication classes that leverage Django's existing session framework:
+
+#### SessionAuth
+
+Uses Django's default session authentication - authenticates any logged-in user:
+
+```python
+from ninja.security import SessionAuth
+
+@api.get("/protected", auth=SessionAuth())
+def protected_view(request):
+    return {"user": request.auth.username}
+```
+
+#### SessionAuthSuperUser
+
+Authenticates only users with superuser privileges:
+
+```python
+from ninja.security import SessionAuthSuperUser
+
+@api.get("/admin-only", auth=SessionAuthSuperUser())
+def admin_view(request):
+    return {"message": "Hello superuser!"}
+```
+
+#### SessionAuthIsStaff
+
+Authenticates users who are either superusers or staff members:
+
+```python
+from ninja.security import SessionAuthIsStaff
+
+@api.get("/staff-area", auth=SessionAuthIsStaff())
+def staff_view(request):
+    return {"message": "Hello staff member!"}
+```
+
+These authentication classes automatically use Django's `SESSION_COOKIE_NAME` setting and check the user's authentication status through the standard Django session framework.
+
 
 
 ### HTTP Bearer
@@ -166,6 +208,8 @@ or using router constructor
 router = Router(auth=BasicAuth())
 ```
 
+This overrides any API level authentication. To allow router operations to not use the API-level authentication by default, you can explicitly set the router's `auth=None`.
+
 
 ## Custom exceptions
 

docs/docs/guides/errors.md

@@ -8,8 +8,8 @@ Let's say you are making API that depends on some external service that is desig
 
 To achieve that you need:
 
- - 1) create some exception (or use existing one)
- - 2) use api.exception_handler decorator
+1. create some exception (or use existing one)
+2. use api.exception_handler decorator
 
 
 Example:
@@ -52,13 +52,17 @@ function must return http response
 
 ## Override the default exception handlers
 
-By default, **Django Ninja** initialized the following exception handlers:
-
+**Django Ninja** registers default exception handlers for the types shown below.
+You can register your own handlers with `@api.exception_handler` to override the default handlers.
 
 #### `ninja.errors.AuthenticationError`
 
 Raised when authentication data is not valid
 
+#### `ninja.errors.AuthorizationError`
+
+Raised when authentication data is valid, but doesn't allow you to access the resource
+
 #### `ninja.errors.ValidationError`
 
 Raised when request data does not validate
@@ -81,10 +85,17 @@ Default behavior
   - **else** - default django exception handler mechanism is used (error logging, email to ADMINS)
 
 
-### Override default handler
+## Customizing request validation errors
 
-If you need to change default output for validation errors - override ValidationError exception handler:
+Requests that fail validation raise `ninja.errors.ValidationError` (not to be confused with `pydantic.ValidationError`).
+`ValidationError`s have a default exception handler that returns a 422 (Unprocessable Content) JSON response of the form:
+```json
+{
+    "detail": [ ... ]
+}
+```
 
+You can change this behavior by overriding the default handler for `ValidationError`s:
 
 ```python hl_lines="1 4"
 from ninja.errors import ValidationError
@@ -95,6 +106,36 @@ def validation_errors(request, exc):
     return HttpResponse("Invalid input", status=422)
 ```
 
+If you need even more control over validation errors (for example, if you need to reference the schema associated with
+the model that failed validation), you can supply your own `validation_error_from_error_contexts` in a `NinjaAPI` subclass:
+
+```python hl_lines="4"
+from ninja.errors import ValidationError, ValidationErrorContext
+from typing import Any, Dict, List
+
+class CustomNinjaAPI(NinjaAPI):
+    def validation_error_from_error_contexts(
+        self, error_contexts: List[ValidationErrorContext],
+    ) -> ValidationError:
+        custom_error_infos: List[Dict[str, Any]] = []
+        for context in error_contexts:
+            model = context.model
+            pydantic_schema = model.__pydantic_core_schema__
+            param_source = model.__ninja_param_source__
+            for e in context.pydantic_validation_error.errors(
+                include_url=False, include_context=False, include_input=False
+            ):
+                custom_error_info = {
+                # TODO: use `e`, `param_source`, and `pydantic_schema` as desired
+                }
+                custom_error_infos.append(custom_error_info)
+        return ValidationError(custom_error_infos)
+
+api = CustomNinjaAPI()
+```
+
+Now each `ValidationError` raised during request validation will contain data from your `validation_error_from_error_contexts`.
+
 
 ## Throwing HTTP responses with exceptions