Path component: do not allow unnamed patterns (#137)

sobolevn · web-flow · commit 489038ff0f17 · 2025-10-22T20:04:54.000+03:00
diff --git a/django_modern_rest/components.py b/django_modern_rest/components.py
@@ -172,7 +172,12 @@ class Path(ComponentParser, Generic[_PathT]):
     parsed paths parameters as ``self.parsed_path`` attribute.
 
     It is way stricter than the original Django's routing system.
-    For example, django allows to
+    For example, django allows to such cases:
+    - ``user_id`` is defined as ``int`` in the ``path('user/<int:user_id>')``
+    - ``user_id`` is defined as ``str`` in the view function:
+      ``def get(self, request, user_id: str): ...``
+
+    In ``django-modern-rest`` there's now a way to validate this in runtime.
     """
 
     parsed_path: _PathT
@@ -187,4 +192,9 @@ def provide_context_data(
         *args: Any,
         **kwargs: Any,
     ) -> Any:
+        if args:
+            raise RequestSerializationError(
+                f'Path {type(self)} with {model=} does not allow '
+                f'unnamed path parameters {args=}',
+            )
         return kwargs
diff --git a/django_test_app/django_test_app/urls.py b/django_test_app/django_test_app/urls.py
@@ -16,7 +16,7 @@
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 
-from django.urls import include, path
+from django.urls import include, path, re_path
 
 from django_modern_rest import Router, compose_controllers
 from django_modern_rest.openapi import (
@@ -55,6 +55,11 @@
         ).as_view(),
         name='user_update',
     ),
+    re_path(
+        r'user/direct/re/(\d+)',
+        UserUpdateController.as_view(),
+        name='user_update_direct_re',
+    ),
     path(
         'user/direct/<int:user_id>',
         UserUpdateController.as_view(),
diff --git a/tests/test_integration/test_contollers/test_user_direct_controller.py b/tests/test_integration/test_contollers/test_user_direct_controller.py
@@ -81,3 +81,18 @@ async def test_user_update_direct_view_async(self) -> None:
 
         assert response.status_code == HTTPStatus.OK
         assert response.headers['Content-Type'] == 'application/json'
+
+
+def test_user_update_direct_re(dmr_client: DMRClient, faker: Faker) -> None:
+    """Ensure that path unnamed path parameters are not allowed."""
+    email = faker.email()
+    user_id = faker.unique.random_int()
+
+    response = dmr_client.patch(
+        reverse('api:user_update_direct_re', args=(user_id,)),
+        data={'email': email, 'age': faker.unique.random_int()},
+    )
+
+    assert response.status_code == HTTPStatus.UNPROCESSABLE_ENTITY
+    assert response.headers['Content-Type'] == 'application/json'
+    assert response.json()['detail']
