PyPI - django-bolt - Versions diffs - 0.1.0__cp310-abi3-win_amd64.whl → 0.1.1__cp310-abi3-win_amd64.whl - Mend

django-bolt 0.1.0__cp310-abi3-win_amd64.whl → 0.1.1__cp310-abi3-win_amd64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of django-bolt might be problematic. Click here for more details.

Files changed (56) hide show

django_bolt/__init__.py +2 -2
django_bolt/_core.pyd +0 -0
django_bolt/_json.py +169 -0
django_bolt/admin/static_routes.py +15 -21
django_bolt/api.py +181 -61
django_bolt/auth/__init__.py +2 -2
django_bolt/decorators.py +15 -3
django_bolt/dependencies.py +30 -24
django_bolt/error_handlers.py +2 -1
django_bolt/openapi/plugins.py +3 -2
django_bolt/openapi/schema_generator.py +65 -20
django_bolt/pagination.py +2 -1
django_bolt/responses.py +3 -2
django_bolt/serialization.py +5 -4
{django_bolt-0.1.0.dist-info → django_bolt-0.1.1.dist-info}/METADATA +179 -197
{django_bolt-0.1.0.dist-info → django_bolt-0.1.1.dist-info}/RECORD +18 -55
django_bolt/auth/README.md +0 -464
django_bolt/auth/REVOCATION_EXAMPLE.md +0 -391
django_bolt/tests/__init__.py +0 -0
django_bolt/tests/admin_tests/__init__.py +0 -1
django_bolt/tests/admin_tests/conftest.py +0 -6
django_bolt/tests/admin_tests/test_admin_with_django.py +0 -278
django_bolt/tests/admin_tests/urls.py +0 -9
django_bolt/tests/cbv/__init__.py +0 -0
django_bolt/tests/cbv/test_class_views.py +0 -570
django_bolt/tests/cbv/test_class_views_django_orm.py +0 -703
django_bolt/tests/cbv/test_class_views_features.py +0 -1173
django_bolt/tests/cbv/test_class_views_with_client.py +0 -622
django_bolt/tests/conftest.py +0 -165
django_bolt/tests/test_action_decorator.py +0 -399
django_bolt/tests/test_auth_secret_key.py +0 -83
django_bolt/tests/test_decorator_syntax.py +0 -159
django_bolt/tests/test_error_handling.py +0 -481
django_bolt/tests/test_file_response.py +0 -192
django_bolt/tests/test_global_cors.py +0 -172
django_bolt/tests/test_guards_auth.py +0 -441
django_bolt/tests/test_guards_integration.py +0 -303
django_bolt/tests/test_health.py +0 -283
django_bolt/tests/test_integration_validation.py +0 -400
django_bolt/tests/test_json_validation.py +0 -536
django_bolt/tests/test_jwt_auth.py +0 -327
django_bolt/tests/test_jwt_token.py +0 -458
django_bolt/tests/test_logging.py +0 -837
django_bolt/tests/test_logging_merge.py +0 -419
django_bolt/tests/test_middleware.py +0 -492
django_bolt/tests/test_middleware_server.py +0 -230
django_bolt/tests/test_model_viewset.py +0 -323
django_bolt/tests/test_models.py +0 -24
django_bolt/tests/test_pagination.py +0 -1258
django_bolt/tests/test_parameter_validation.py +0 -178
django_bolt/tests/test_syntax.py +0 -626
django_bolt/tests/test_testing_utilities.py +0 -163
django_bolt/tests/test_testing_utilities_simple.py +0 -123
django_bolt/tests/test_viewset_unified.py +0 -346
{django_bolt-0.1.0.dist-info → django_bolt-0.1.1.dist-info}/WHEEL +0 -0
{django_bolt-0.1.0.dist-info → django_bolt-0.1.1.dist-info}/entry_points.txt +0 -0

django_bolt/tests/cbv/test_class_views_features.py DELETED Viewed

@@ -1,1173 +0,0 @@
-"""
-Comprehensive feature tests for class-based views.
-This test suite verifies that ALL Django-Bolt features work correctly with
-class-based views (APIView, ViewSet, ModelViewSet):
-- Request validation (Body, Query, Path, Header, Cookie, Form, File)
-- Response validation and serialization
-- Authentication (JWT, APIKey, Session)
-- Guards/Permissions (IsAuthenticated, IsAdminUser, HasPermission, etc.)
-- Dependency injection (Depends)
-- Middleware (CORS, rate limiting)
-- Error handling (HTTPException, validation errors)
-- Streaming responses
-- File uploads/downloads
-"""
-import pytest
-import msgspec
-from typing import Annotated
-from django_bolt import BoltAPI
-from django_bolt.testing import TestClient
-from django_bolt.views import APIView, ViewSet, ModelViewSet
-from django_bolt.params import Query, Path, Body, Header, Cookie, Form, File, Depends
-from django_bolt.exceptions import HTTPException
-from django_bolt.responses import StreamingResponse, FileResponse
-from django_bolt.auth import JWTAuthentication, APIKeyAuthentication
-from django_bolt.auth.guards import IsAuthenticated, IsAdminUser, IsStaff, HasPermission
-# --- Fixtures ---
-@pytest.fixture
-def api():
-    """Create a fresh BoltAPI instance for each test."""
-    return BoltAPI()
-# --- Schemas ---
-class UserSchema(msgspec.Struct):
-    """User response schema."""
-    id: int
-    username: str
-    email: str
-class UserCreateSchema(msgspec.Struct):
-    """User creation schema."""
-    username: str
-    email: str
-    password: str
-class ErrorResponse(msgspec.Struct):
-    """Error response schema."""
-    detail: str
-    code: str | None = None
-# ============================================================================
-# Request Validation Tests
-# ============================================================================
-def test_request_body_validation_error(api):
-    """Test that invalid request body returns proper validation error."""
-    @api.view("/users", methods=["POST"])
-    class ArticleView(APIView):
-        async def post(self, request, data: UserCreateSchema):
-            return {"ok": True}
-    with TestClient(api) as client:
-        # Missing required field
-        response = client.post("/users", json={"username": "test"})
-        assert response.status_code == 422  # Validation error returns 422
-        data = response.json()
-        assert "detail" in data
-        # Detail is a list of error objects with 'loc', 'msg', 'type' fields
-        errors = data["detail"]
-        assert isinstance(errors, list)
-        assert any("email" in str(err.get("loc", [])) or "email" in err.get("msg", "") for err in errors)
-        # Invalid type
-        response = client.post("/users", json={
-            "username": 123,  # Should be string
-            "email": "test@example.com",
-            "password": "secret"
-        })
-        assert response.status_code == 422  # Validation error returns 422
-def test_query_parameter_validation(api):
-    """Test query parameter validation with constraints.
-    NOTE: Query parameter constraint validation (ge, le, etc.) is not currently
-    enforced by Django-Bolt. This test just verifies basic query param extraction.
-    """
-    @api.view("/search", methods=["GET"])
-    class SearchView(APIView):
-        async def get(self,
-                     request,
-                     page: Annotated[int, Query(ge=1)] = 1,
-                     limit: Annotated[int, Query(ge=1, le=100)] = 10):
-            return {"page": page, "limit": limit}
-    with TestClient(api) as client:
-        # Valid params
-        response = client.get("/search?page=1&limit=50")
-        assert response.status_code == 200
-        assert response.json()["page"] == 1
-        assert response.json()["limit"] == 50
-        # TODO: Enable when constraint validation is implemented
-        # # Invalid: page < 1
-        # response = client.get("/search?page=0")
-        # assert response.status_code == 400
-        # # Invalid: limit > 100
-        # response = client.get("/search?limit=200")
-        # assert response.status_code == 400
-def test_path_parameter_validation(api):
-    """Test path parameter validation."""
-    @api.view("/users/{user_id}", methods=["GET"])
-    class UserView(APIView):
-        async def get(self, request, user_id: Annotated[int, Path(ge=1)]):
-            return {"user_id": user_id}
-    with TestClient(api) as client:
-        # Valid
-        response = client.get("/users/123")
-        assert response.status_code == 200
-        assert response.json()["user_id"] == 123
-        # Invalid: not a number (raises ValueError, returns 422)
-        response = client.get("/users/abc")
-        assert response.status_code == 422  # Type coercion validation error
-def test_header_parameter_extraction(api):
-    """Test extracting parameters from HTTP headers."""
-    @api.view("/protected", methods=["GET"])
-    class APIView_WithHeader(APIView):
-        async def get(self,
-                     request,
-                     api_key: Annotated[str, Header(alias="X-API-Key")],
-                     user_agent: Annotated[str, Header(alias="User-Agent")] = "unknown"):
-            return {"api_key": api_key, "user_agent": user_agent}
-    with TestClient(api) as client:
-        # With headers
-        response = client.get("/protected", headers={
-            "X-API-Key": "secret123",
-            "User-Agent": "TestClient/1.0"
-        })
-        assert response.status_code == 200
-        assert response.json()["api_key"] == "secret123"
-        assert response.json()["user_agent"] == "TestClient/1.0"
-        # Missing required header
-        response = client.get("/protected")
-        assert response.status_code == 500  # ValueError raises 500
-def test_cookie_parameter_extraction(api):
-    """Test extracting parameters from cookies."""
-    @api.view("/session", methods=["GET"])
-    class SessionView(APIView):
-        async def get(self,
-                     request,
-                     session_id: Annotated[str, Cookie(alias="session")],
-                     theme: Annotated[str, Cookie(alias="theme")] = "light"):
-            return {"session_id": session_id, "theme": theme}
-    with TestClient(api) as client:
-        # With cookies
-        response = client.get("/session", cookies={
-            "session": "abc123",
-            "theme": "dark"
-        })
-        assert response.status_code == 200
-        assert response.json()["session_id"] == "abc123"
-        assert response.json()["theme"] == "dark"
-        # Missing required cookie
-        response = client.get("/session")
-        assert response.status_code == 500  # ValueError raises 500
-def test_mixed_parameter_sources(api):
-    """Test mixing parameters from different sources."""
-    @api.view("/users/{user_id}/update", methods=["POST"])
-    class ComplexView(APIView):
-        async def post(self,
-                      request,
-                      user_id: int,  # Path
-                      include_details: bool = False,  # Query
-                      api_key: Annotated[str, Header(alias="X-API-Key")] = "",  # Header
-                      data: UserCreateSchema = Body()):  # Body
-            return {
-                "user_id": user_id,
-                "include_details": include_details,
-                "api_key": api_key,
-                "data": {
-                    "username": data.username,
-                    "email": data.email
-                }
-            }
-    with TestClient(api) as client:
-        response = client.post(
-            "/users/123/update?include_details=true",
-            json={"username": "john", "email": "john@example.com", "password": "secret"},
-            headers={"X-API-Key": "key123"}
-        )
-        assert response.status_code == 200
-        data = response.json()
-        assert data["user_id"] == 123
-        assert data["include_details"] is True
-        assert data["api_key"] == "key123"
-        assert data["data"]["username"] == "john"
-# ============================================================================
-# Response Validation Tests
-# ============================================================================
-def test_response_model_validation(api):
-    """Test that response is validated against response_model."""
-    @api.view("/user", methods=["GET"])
-    class UserView(APIView):
-        async def get(self, request) -> UserSchema:
-            # Return dict, should be validated
-            return {
-                "id": 1,
-                "username": "john",
-                "email": "john@example.com"
-            }
-    with TestClient(api) as client:
-        response = client.get("/user")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["id"] == 1
-        assert data["username"] == "john"
-        assert data["email"] == "john@example.com"
-def test_response_list_validation(api):
-    """Test that list responses are validated."""
-    @api.view("/users", methods=["GET"])
-    class UsersView(APIView):
-        async def get(self, request) -> list[UserSchema]:
-            return [
-                {"id": 1, "username": "john", "email": "john@example.com"},
-                {"id": 2, "username": "jane", "email": "jane@example.com"}
-            ]
-    with TestClient(api) as client:
-        response = client.get("/users")
-        assert response.status_code == 200
-        data = response.json()
-        assert len(data) == 2
-        assert data[0]["id"] == 1
-        assert data[1]["id"] == 2
-# ============================================================================
-# Authentication Tests
-# ============================================================================
-@pytest.mark.django_db
-def test_jwt_authentication_with_class_view(api):
-    """Test JWT authentication with class-based views.
-    NOTE: JWT authentication runs in Rust middleware, so we need to use
-    use_http_layer=True to test it properly.
-    """
-    from django.contrib.auth.models import User
-    from django_bolt.auth.jwt_utils import create_jwt_for_user
-    # Create test user
-    user = User.objects.create(username="testuser", email="test@example.com")
-    token = create_jwt_for_user(user, secret="test-secret")
-    @api.view("/protected", methods=["GET"])
-    class ProtectedView(APIView):
-        auth = [JWTAuthentication(secret="test-secret")]
-        guards = [IsAuthenticated()]
-        async def get(self, request):
-            auth_context = request.get("auth", {})
-            return {"user_id": auth_context.get("user_id")}
-    with TestClient(api, use_http_layer=True) as client:
-        # Without token - should fail
-        response = client.get("/protected")
-        assert response.status_code == 401
-        # With valid token - should work
-        response = client.get("/protected", headers={
-            "Authorization": f"Bearer {token}"
-        })
-        assert response.status_code == 200
-        # user_id is returned as string from JWT
-        assert response.json()["user_id"] == str(user.id)
-def test_api_key_authentication_with_class_view(api):
-    """Test API key authentication with class-based views."""
-    @api.view("/protected", methods=["GET"])
-    class ProtectedView(APIView):
-        auth = [APIKeyAuthentication(api_keys=["secret-key-123"])]
-        guards = [IsAuthenticated()]
-        async def get(self, request):
-            return {"authenticated": True}
-    with TestClient(api, use_http_layer=True) as client:
-        # Without API key - should fail
-        response = client.get("/protected")
-        assert response.status_code == 401
-        # With valid API key - should work
-        response = client.get("/protected", headers={
-            "X-API-Key": "secret-key-123"
-        })
-        assert response.status_code == 200
-        assert response.json()["authenticated"] is True
-        # With invalid API key - should fail
-        response = client.get("/protected", headers={
-            "X-API-Key": "invalid-key"
-        })
-        assert response.status_code == 401
-# ============================================================================
-# Guards/Permissions Tests
-# ============================================================================
-@pytest.mark.django_db
-def test_is_authenticated_guard_with_class_view(api):
-    """Test IsAuthenticated guard with class-based views."""
-    from django.contrib.auth.models import User
-    from django_bolt.auth.jwt_utils import create_jwt_for_user
-    user = User.objects.create(username="testuser")
-    token = create_jwt_for_user(user, secret="test-secret")
-    @api.view("/protected", methods=["GET"])
-    class ProtectedView(APIView):
-        auth = [JWTAuthentication(secret="test-secret")]
-        guards = [IsAuthenticated()]
-        async def get(self, request):
-            return {"ok": True}
-    with TestClient(api, use_http_layer=True) as client:
-        # Not authenticated
-        response = client.get("/protected")
-        assert response.status_code == 401
-        # Authenticated
-        response = client.get("/protected", headers={
-            "Authorization": f"Bearer {token}"
-        })
-        assert response.status_code == 200
-@pytest.mark.django_db
-def test_is_admin_guard_with_class_view(api):
-    """Test IsAdminUser guard with class-based views."""
-    from django.contrib.auth.models import User
-    from django_bolt.auth.jwt_utils import create_jwt_for_user
-    # Regular user
-    user = User.objects.create(username="regular", is_staff=False, is_superuser=False)
-    user_token = create_jwt_for_user(user, secret="test-secret")
-    # Admin user
-    admin = User.objects.create(username="admin", is_staff=True, is_superuser=True)
-    admin_token = create_jwt_for_user(admin, secret="test-secret")
-    @api.view("/admin", methods=["GET"])
-    class AdminView(APIView):
-        auth = [JWTAuthentication(secret="test-secret")]
-        guards = [IsAdminUser()]
-        async def get(self, request):
-            return {"ok": True}
-    with TestClient(api, use_http_layer=True) as client:
-        # Regular user - should fail
-        response = client.get("/admin", headers={
-            "Authorization": f"Bearer {user_token}"
-        })
-        assert response.status_code == 403
-        # Admin user - should work
-        response = client.get("/admin", headers={
-            "Authorization": f"Bearer {admin_token}"
-        })
-        assert response.status_code == 200
-@pytest.mark.django_db
-def test_has_permission_guard_with_class_view(api):
-    """Test HasPermission guard with class-based views."""
-    from django.contrib.auth.models import User, Permission
-    from django.contrib.contenttypes.models import ContentType
-    from django_bolt.auth.jwt_utils import create_jwt_for_user
-    # Create permission
-    content_type = ContentType.objects.get_for_model(User)
-    permission = Permission.objects.create(
-        codename="can_delete_user",
-        name="Can delete user",
-        content_type=content_type
-    )
-    # User without permission
-    user1 = User.objects.create(username="user1")
-    token1 = create_jwt_for_user(user1, secret="test-secret")
-    # User with permission
-    user2 = User.objects.create(username="user2")
-    user2.user_permissions.add(permission)
-    # Include permissions in JWT extra claims
-    token2 = create_jwt_for_user(
-        user2,
-        secret="test-secret",
-        extra_claims={"permissions": ["auth.can_delete_user"]}
-    )
-    @api.view("/users/{user_id}", methods=["DELETE"])
-    class ProtectedView(APIView):
-        auth = [JWTAuthentication(secret="test-secret")]
-        guards = [HasPermission("auth.can_delete_user")]
-        async def delete(self, request, user_id: int):
-            return {"deleted": True}
-    with TestClient(api, use_http_layer=True) as client:
-        # User without permission - should fail
-        response = client.delete("/users/123", headers={
-            "Authorization": f"Bearer {token1}"
-        })
-        assert response.status_code == 403
-        # User with permission - should work
-        response = client.delete("/users/123", headers={
-            "Authorization": f"Bearer {token2}"
-        })
-        assert response.status_code == 200
-# ============================================================================
-# Dependency Injection Tests
-# ============================================================================
-@pytest.mark.django_db(transaction=True)
-def test_depends_with_class_view(api):
-    """Test dependency injection with class-based views.
-    NOTE: Uses transaction=True to avoid SQLite database locking issues
-    when get_current_user makes async DB queries.
-    """
-    from django.contrib.auth.models import User
-    from django_bolt.auth.jwt_utils import create_jwt_for_user, get_current_user
-    user = User.objects.create(username="testuser", email="test@example.com")
-    token = create_jwt_for_user(user, secret="test-secret")
-    @api.view("/profile", methods=["GET"])
-    class ProfileView(APIView):
-        auth = [JWTAuthentication(secret="test-secret")]
-        guards = [IsAuthenticated()]
-        async def get(self,
-                     request,
-                     current_user: Annotated[User, Depends(get_current_user)]):
-            return {
-                "username": current_user.username,
-                "email": current_user.email
-            }
-    with TestClient(api, use_http_layer=True) as client:
-        response = client.get("/profile", headers={
-            "Authorization": f"Bearer {token}"
-        })
-        assert response.status_code == 200
-        data = response.json()
-        assert data["username"] == "testuser"
-        assert data["email"] == "test@example.com"
-def test_dependency_injection(api):
-    """Test custom dependency function with class-based views."""
-    async def get_db_connection():
-        """Mock database connection dependency."""
-        return {"connected": True, "db": "test_db"}
-    @api.view("/data", methods=["GET"])
-    class DataView(APIView):
-        async def get(self,
-                     request,
-                     db: Annotated[dict, Depends(get_db_connection)]):
-            return {"db_status": db}
-    with TestClient(api) as client:
-        response = client.get("/data")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["db_status"]["connected"] is True
-        assert data["db_status"]["db"] == "test_db"
-# ============================================================================
-# Error Handling Tests
-# ============================================================================
-def test_http_exception_handling(api):
-    """Test HTTPException handling in class-based views."""
-    @api.view("/users/{user_id}", methods=["GET"])
-    class UserView(APIView):
-        async def get(self, request, user_id: int):
-            if user_id == 404:
-                raise HTTPException(status_code=404, detail="User not found")
-            if user_id == 403:
-                raise HTTPException(status_code=403, detail="Access denied")
-            return {"user_id": user_id}
-    with TestClient(api) as client:
-        # Not found
-        response = client.get("/users/404")
-        assert response.status_code == 404
-        assert "not found" in response.json()["detail"].lower()
-        # Forbidden
-        response = client.get("/users/403")
-        assert response.status_code == 403
-        assert "denied" in response.json()["detail"].lower()
-        # Success
-        response = client.get("/users/123")
-        assert response.status_code == 200
-def test_unhandled_exception_in_class_view(api):
-    """Test that unhandled exceptions return 500."""
-    @api.view("/buggy", methods=["GET"])
-    class BuggyView(APIView):
-        async def get(self, request):
-            raise ValueError("Something went wrong!")
-    with TestClient(api) as client:
-        response = client.get("/buggy")
-        assert response.status_code == 500
-        assert "detail" in response.json()
-# ============================================================================
-# Streaming Response Tests
-# ============================================================================
-def test_streaming_response_with_class_view(api):
-    """Test streaming responses with class-based views."""
-    @api.view("/stream", methods=["GET"])
-    class StreamView(APIView):
-        async def get(self, request):
-            async def generate():
-                for i in range(5):
-                    yield f"data: {i}\n\n"
-            return StreamingResponse(
-                generate(),
-                media_type="text/event-stream"
-            )
-    with TestClient(api) as client:
-        response = client.get("/stream")
-        assert response.status_code == 200
-        # Note: TestClient may not fully support streaming,
-        # but we verify the response type is correct
-        assert response.headers.get("content-type") == "text/event-stream"
-# ============================================================================
-# ViewSet Integration Tests
-# ============================================================================
-def test_viewset_with_all_features(api):
-    """Test ViewSet with authentication, guards, and validation."""
-    from django_bolt.auth import JWTAuthentication
-    from django_bolt.auth.guards import IsAuthenticated
-    @api.view("/articles")
-    class ArticleViewSet(ViewSet):
-        auth = [JWTAuthentication(secret="test-secret")]
-        guards = [IsAuthenticated()]
-        queryset = []  # Mock queryset
-        serializer_class = UserSchema
-        async def get(self,
-                     request,
-                     page: Annotated[int, Query(ge=1)] = 1,
-                     limit: Annotated[int, Query(ge=1, le=100)] = 10):
-            """List with query validation."""
-            return {"page": page, "limit": limit, "items": []}
-        async def post(self, request, data: UserCreateSchema):
-            """Create with body validation."""
-            return {
-                "id": 1,
-                "username": data.username,
-                "email": data.email
-            }
-    with TestClient(api) as client:
-        # Without auth - should fail
-        response = client.get("/articles")
-        assert response.status_code == 401
-        # Create mock token (simplified for test)
-        # In real scenario, you'd create a proper JWT token
-        # For now, we just verify the auth middleware is applied
-def test_model_viewset_integration(api):
-    """Test ModelViewSet with all parameter types."""
-    class ArticleViewSet(ModelViewSet):
-        queryset = []  # Mock
-        serializer_class = UserSchema
-        async def get(self,
-                     request,
-                     pk: int,
-                     include_comments: Annotated[bool, Query()] = False,
-                     api_key: Annotated[str, Header(alias="X-API-Key")] = ""):
-            """Retrieve with path, query, and header params."""
-            return {
-                "id": pk,
-                "include_comments": include_comments,
-                "api_key": api_key
-            }
-    # This test needs fixing - viewset should use api.viewset() not api.view()
-    # For now, register with decorator
-    @api.view("/articles/{pk}", methods=["GET"])
-    class ArticleViewSetWrapper(ArticleViewSet):
-        pass
-    with TestClient(api) as client:
-        response = client.get(
-            "/articles/123?include_comments=true",
-            headers={"X-API-Key": "key123"}
-        )
-        assert response.status_code == 200
-        data = response.json()
-        assert data["id"] == 123
-        assert data["include_comments"] is True
-        assert data["api_key"] == "key123"
-# ============================================================================
-# Middleware Tests
-# ============================================================================
-def test_cors_middleware_with_class_view(api):
-    """Test CORS middleware decorator on class-based view methods."""
-    from django_bolt.middleware import cors
-    class APIView_WithCORS(APIView):
-        # Apply CORS to specific method
-        @cors(origins=["https://example.com"], methods=["GET", "POST"], credentials=True)
-        async def get(self, request):
-            return {"message": "CORS enabled"}
-        async def post(self, request):
-            return {"message": "No CORS"}
-    @api.view("/api/data", methods=["GET", "POST"])
-    class APIView_WithCORSRegistered(APIView_WithCORS):
-        pass
-    with TestClient(api) as client:
-        # GET should have CORS metadata attached
-        response = client.get("/api/data")
-        assert response.status_code == 200
-        assert response.json()["message"] == "CORS enabled"
-        # POST should work
-        response = client.post("/api/data", json={})
-        assert response.status_code == 200
-def test_rate_limit_middleware_with_class_view(api):
-    """Test rate limit middleware decorator on class-based view methods."""
-    from django_bolt.middleware import rate_limit
-    class APIView_WithRateLimit(APIView):
-        # Apply rate limiting to specific method
-        @rate_limit(rps=10, burst=20, key="ip")
-        async def get(self, request):
-            return {"message": "rate limited"}
-        async def post(self, request):
-            return {"message": "no rate limit"}
-    @api.view("/api/limited", methods=["GET", "POST"])
-    class APIView_WithRateLimitRegistered(APIView_WithRateLimit):
-        pass
-    with TestClient(api) as client:
-        # Should work (rate limiting metadata attached)
-        response = client.get("/api/limited")
-        assert response.status_code == 200
-        assert response.json()["message"] == "rate limited"
-        response = client.post("/api/limited", json={})
-        assert response.status_code == 200
-def test_skip_middleware_with_class_view(api):
-    """Test skip_middleware decorator on class-based view methods."""
-    from django_bolt.middleware import skip_middleware
-    class APIView_SkipMiddleware(APIView):
-        # Skip specific middleware for this method
-        @skip_middleware("cors", "rate_limit")
-        async def get(self, request):
-            return {"message": "middleware skipped"}
-        async def post(self, request):
-            return {"message": "normal middleware"}
-    @api.view("/api/skip", methods=["GET", "POST"])
-    class APIView_SkipMiddlewareRegistered(APIView_SkipMiddleware):
-        pass
-    with TestClient(api) as client:
-        response = client.get("/api/skip")
-        assert response.status_code == 200
-        assert response.json()["message"] == "middleware skipped"
-        response = client.post("/api/skip", json={})
-        assert response.status_code == 200
-def test_multiple_middleware_decorators_with_class_view(api):
-    """Test stacking multiple middleware decorators on class-based view methods."""
-    from django_bolt.middleware import cors, rate_limit
-    class APIView_MultiMiddleware(APIView):
-        # Stack multiple middleware decorators
-        @cors(origins=["*"])
-        @rate_limit(rps=100)
-        async def get(self, request):
-            return {"message": "multi middleware"}
-    @api.view("/api/multi", methods=["GET"])
-    class APIView_MultiMiddlewareRegistered(APIView_MultiMiddleware):
-        pass
-    with TestClient(api) as client:
-        response = client.get("/api/multi")
-        assert response.status_code == 200
-        assert response.json()["message"] == "multi middleware"
-# ============================================================================
-# Custom Action Method Tests
-# ============================================================================
-def test_custom_action_decorator_in_viewset(api):
-    """Test @action decorator custom actions INSIDE a ViewSet class."""
-    from django_bolt import action
-    class ArticleViewSet(ViewSet):
-        queryset = []
-        lookup_field = 'article_id'  # Set lookup field to match parameter names
-        async def list(self, request):
-            """Standard list action."""
-            return {"articles": []}
-        async def create(self, request):
-            """Standard create action."""
-            return {"id": 1, "created": True}
-        # Custom actions defined INSIDE the ViewSet using @action decorator
-        @action(methods=["POST"], detail=True, path="publish")
-        async def publish(self, request, article_id: int):
-            """Custom action: publish article. POST /articles/{article_id}/publish"""
-            return {"article_id": article_id, "published": True}
-        @action(methods=["POST"], detail=True, path="archive")
-        async def archive(self, request, article_id: int):
-            """Custom action: archive article. POST /articles/{article_id}/archive"""
-            return {"article_id": article_id, "archived": True}
-        @action(methods=["GET"], detail=False, path="search")
-        async def search(self, request, query: str):
-            """Custom action: search articles. GET /articles/search"""
-            return {"query": query, "results": ["article1", "article2"]}
-    # Register the ViewSet - this should register both standard methods AND custom actions
-    @api.viewset("/articles")
-    class ArticleViewSetRegistered(ArticleViewSet):
-        pass
-    with TestClient(api) as client:
-        # Standard CRUD endpoints
-        response = client.get("/articles")
-        assert response.status_code == 200
-        assert "articles" in response.json()
-        response = client.post("/articles", json={"title": "Test"})
-        assert response.status_code == 201  # HTTP 201 Created for viewset create action
-        assert response.json()["created"] is True
-        # Custom actions (registered automatically from decorators)
-        response = client.post("/articles/123/publish")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["article_id"] == 123
-        assert data["published"] is True
-        response = client.post("/articles/456/archive")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["article_id"] == 456
-        assert data["archived"] is True
-        response = client.get("/articles/search?query=django")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["query"] == "django"
-        assert "results" in data
-def test_viewset_with_multiple_custom_actions(api):
-    """Test ViewSet with many custom action methods defined INSIDE the class."""
-    from django_bolt import action
-    class UserViewSet(ViewSet):
-        lookup_field = 'user_id'  # Set lookup field to match parameter names
-        async def retrieve(self, request, user_id: int):
-            """Standard retrieve action."""
-            return {"id": user_id, "username": "testuser"}
-        # Custom actions defined INSIDE the ViewSet (real-world use cases) using @action
-        @action(methods=["POST"], detail=True, path="activate")
-        async def activate(self, request, user_id: int):
-            """Custom action: activate user account. POST /users/{user_id}/activate"""
-            return {"id": user_id, "activated": True, "status": "active"}
-        @action(methods=["POST"], detail=True, path="deactivate")
-        async def deactivate(self, request, user_id: int):
-            """Custom action: deactivate user account. POST /users/{user_id}/deactivate"""
-            return {"id": user_id, "deactivated": True, "status": "inactive"}
-        @action(methods=["POST"], detail=True, path="reset-password")
-        async def reset_password(self, request, user_id: int):
-            """Custom action: send password reset email. POST /users/{user_id}/reset-password"""
-            return {"id": user_id, "password_reset": True, "email_sent": True}
-        @action(methods=["GET"], detail=True, path="permissions")
-        async def get_permissions(self, request, user_id: int):
-            """Custom action: get user permissions. GET /users/{user_id}/permissions"""
-            return {"id": user_id, "permissions": ["read", "write"]}
-        @action(methods=["PUT"], detail=True, path="permissions")
-        async def update_permissions(self, request, user_id: int):
-            """Custom action: update user permissions. PUT /users/{user_id}/permissions"""
-            # In real app, would extract permissions from request body
-            return {"id": user_id, "permissions": ["admin"], "updated": True}
-    # Register the ViewSet - automatically registers both standard method AND all custom actions
-    @api.viewset("/users")
-    class UserViewSetRegistered(UserViewSet):
-        pass
-    with TestClient(api) as client:
-        # Standard retrieve
-        response = client.get("/users/1")
-        assert response.status_code == 200
-        assert response.json()["id"] == 1
-        # Custom action: activate
-        response = client.post("/users/1/activate")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["activated"] is True
-        assert data["status"] == "active"
-        # Custom action: deactivate
-        response = client.post("/users/1/deactivate")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["deactivated"] is True
-        assert data["status"] == "inactive"
-        # Custom action: reset password
-        response = client.post("/users/1/reset-password")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["password_reset"] is True
-        assert data["email_sent"] is True
-        # Custom action: get permissions
-        response = client.get("/users/1/permissions")
-        assert response.status_code == 200
-        assert "permissions" in response.json()
-        # Custom action: update permissions
-        response = client.put("/users/1/permissions", json={"permissions": ["admin"]})
-        assert response.status_code == 200
-        data = response.json()
-        assert data["permissions"] == ["admin"]
-        assert data["updated"] is True
-def test_custom_action_with_auth_and_guards(api):
-    """Test custom action methods INSIDE ViewSet with authentication and guards."""
-    from django_bolt.auth import APIKeyAuthentication, IsAuthenticated
-    from django_bolt import action
-    class DocumentViewSet(ViewSet):
-        # Class-level auth applies to all methods
-        auth = [APIKeyAuthentication(api_keys={"admin-key": "admin1", "user-key": "user1"})]
-        guards = [IsAuthenticated()]
-        lookup_field = 'doc_id'  # Set lookup field to match parameter names
-        async def retrieve(self, request, doc_id: int):
-            """Standard retrieve - requires auth."""
-            auth_context = request.get("auth", {})
-            return {
-                "doc_id": doc_id,
-                "title": "Secure Document",
-                "accessed_by": auth_context.get("user_id", "unknown")
-            }
-        # Custom actions INSIDE ViewSet - inherit class-level auth/guards using @action
-        @action(methods=["POST"], detail=True, path="approve")
-        async def approve(self, request, doc_id: int):
-            """Custom action: approve document (requires auth). POST /documents/{doc_id}/approve"""
-            auth_context = request.get("auth", {})
-            return {
-                "doc_id": doc_id,
-                "approved": True,
-                "approved_by": auth_context.get("user_id", "unknown")
-            }
-        @action(methods=["POST"], detail=True, path="reject")
-        async def reject(self, request, doc_id: int):
-            """Custom action: reject document (requires auth). POST /documents/{doc_id}/reject"""
-            auth_context = request.get("auth", {})
-            return {
-                "doc_id": doc_id,
-                "rejected": True,
-                "rejected_by": auth_context.get("user_id", "unknown")
-            }
-        @action(methods=["POST"], detail=True, path="lock")
-        async def lock(self, request, doc_id: int):
-            """Custom action: lock document for editing (requires auth). POST /documents/{doc_id}/lock"""
-            auth_context = request.get("auth", {})
-            return {
-                "doc_id": doc_id,
-                "locked": True,
-                "locked_by": auth_context.get("user_id", "unknown")
-            }
-    @api.viewset("/documents")
-    class DocumentViewSetRegistered(DocumentViewSet):
-        pass
-    with TestClient(api) as client:
-        # Standard retrieve without auth - should fail
-        response = client.get("/documents/123")
-        assert response.status_code == 401
-        # Standard retrieve with auth - should work
-        response = client.get("/documents/123", headers={"X-API-Key": "admin-key"})
-        assert response.status_code == 200
-        data = response.json()
-        assert data["doc_id"] == 123
-        assert "admin-key" in data["accessed_by"]
-        # Custom action: approve without auth - should fail
-        response = client.post("/documents/123/approve")
-        assert response.status_code == 401
-        # Custom action: approve with auth - should work
-        response = client.post("/documents/123/approve", headers={"X-API-Key": "admin-key"})
-        assert response.status_code == 200
-        data = response.json()
-        assert data["doc_id"] == 123
-        assert data["approved"] is True
-        assert "admin-key" in data["approved_by"]
-        # Custom action: reject with auth - should work
-        response = client.post("/documents/456/reject", headers={"X-API-Key": "user-key"})
-        assert response.status_code == 200
-        data = response.json()
-        assert data["doc_id"] == 456
-        assert data["rejected"] is True
-        assert "user-key" in data["rejected_by"]
-        # Custom action: lock with auth - should work
-        response = client.post("/documents/789/lock", headers={"X-API-Key": "admin-key"})
-        assert response.status_code == 200
-        data = response.json()
-        assert data["doc_id"] == 789
-        assert data["locked"] is True
-        assert "admin-key" in data["locked_by"]
-def test_nested_resource_actions_with_class_views(api):
-    """Test nested resource ViewSet (e.g., comment moderation)."""
-    from django_bolt import action
-    class CommentViewSet(ViewSet):
-        async def retrieve(self, request, post_id: int, comment_id: int):
-            """Standard retrieve nested resource."""
-            return {
-                "post_id": post_id,
-                "comment_id": comment_id,
-                "text": "Sample comment",
-                "status": "pending"
-            }
-        # Custom actions for nested resources using @action decorator
-        @action(methods=["POST"], detail=True, path="approve")
-        async def approve(self, request, comment_id: int, post_id: int):
-            """Custom action: approve comment. POST /posts/{post_id}/comments/{comment_id}/approve"""
-            return {
-                "post_id": post_id,
-                "comment_id": comment_id,
-                "approved": True,
-                "status": "approved"
-            }
-        @action(methods=["POST"], detail=True, path="reject")
-        async def reject(self, request, comment_id: int, post_id: int, reason: str = "spam"):
-            """Custom action: reject comment. POST /posts/{post_id}/comments/{comment_id}/reject"""
-            return {
-                "post_id": post_id,
-                "comment_id": comment_id,
-                "rejected": True,
-                "reason": reason,
-                "status": "rejected"
-            }
-        @action(methods=["POST"], detail=True, path="flag")
-        async def flag(self, request, comment_id: int, post_id: int):
-            """Custom action: flag comment. POST /posts/{post_id}/comments/{comment_id}/flag"""
-            return {
-                "post_id": post_id,
-                "comment_id": comment_id,
-                "flagged": True,
-                "status": "flagged_for_review"
-            }
-    # Register ViewSet with nested path pattern
-    # Note: ViewSet lookup_field will be 'comment_id', and post_id is an additional path param
-    @api.viewset("/posts/{post_id}/comments", lookup_field="comment_id")
-    class CommentViewSetRegistered(CommentViewSet):
-        pass
-    with TestClient(api) as client:
-        # Standard nested resource retrieve
-        response = client.get("/posts/10/comments/25")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["post_id"] == 10
-        assert data["comment_id"] == 25
-        assert data["status"] == "pending"
-        # Custom nested action: approve comment
-        response = client.post("/posts/10/comments/25/approve")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["post_id"] == 10
-        assert data["comment_id"] == 25
-        assert data["approved"] is True
-        assert data["status"] == "approved"
-        # Custom nested action: reject comment with reason
-        response = client.post("/posts/10/comments/25/reject?reason=inappropriate")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["post_id"] == 10
-        assert data["comment_id"] == 25
-        assert data["rejected"] is True
-        assert data["reason"] == "inappropriate"
-        assert data["status"] == "rejected"
-        # Custom nested action: flag comment
-        response = client.post("/posts/15/comments/42/flag")
-        assert response.status_code == 200
-        data = response.json()
-        assert data["post_id"] == 15
-        assert data["comment_id"] == 42
-        assert data["flagged"] is True
-        assert data["status"] == "flagged_for_review"
-# ============================================================================
-# Summary Test
-# ============================================================================
-def test_comprehensive_class_view_feature_coverage(api):
-    """Meta-test to verify we've covered all major features."""
-    # This test documents what features SHOULD be covered
-    required_features = [
-        "request_body_validation",
-        "query_parameter_validation",
-        "path_parameter_validation",
-        "header_parameter_extraction",
-        "cookie_parameter_extraction",
-        "mixed_parameter_sources",
-        "response_model_validation",
-        "jwt_authentication",
-        "api_key_authentication",
-        "is_authenticated_guard",
-        "is_admin_guard",
-        "has_permission_guard",
-        "dependency_injection",  # Covers custom dependencies
-        "http_exception_handling",
-        "streaming_response",
-        "viewset_integration",
-        "model_viewset_integration",
-        "cors_middleware",  # NEW: CORS decorator support
-        "rate_limit",  # NEW: Rate limit decorator support
-        "skip_middleware",  # NEW: Skip middleware decorator support
-        "custom_action",  # NEW: Custom action methods
-        "nested_resource",  # NEW: Nested resource actions
-    ]
-    # Verify all tests exist
-    import inspect
-    current_module = inspect.getmodule(inspect.currentframe())
-    test_functions = [name for name, obj in inspect.getmembers(current_module)
-                     if inspect.isfunction(obj) and name.startswith('test_')]
-    # Check coverage
-    covered_features = []
-    for feature in required_features:
-        matching_tests = [t for t in test_functions if feature in t]
-        if matching_tests:
-            covered_features.append(feature)
-    assert len(covered_features) == len(required_features), \
-        f"Missing tests for: {set(required_features) - set(covered_features)}"